ELSA-2019-2205

ULN >
Oracle Linux Errata repository >
ELSA-2019-2205

ELSA-2019-2205 - tomcat security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2019-08-13

Description

[0:7.0.76-9]
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended expo
sure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised us
ers
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters < and > to the possible whitelist values

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	tomcat-7.0.76-9.el7.src.rpm	f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-7.0.76-9.el7.src.rpm	f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-7.0.76-9.el7.noarch.rpm	f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-7.0.76-9.el7.noarch.rpm	f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm	f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm	f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-docs-webapp-7.0.76-9.el7.noarch.rpm	017d11d2b54f5f5c57421bf4181d5aa06f23ca9fc9a77610d943642be9758220	ELSA-2020-5020	ol7_aarch64_optional_latest
	tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm	7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm	7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-javadoc-7.0.76-9.el7.noarch.rpm	06142fdfc059f07846d28bb0360a7e39b7a1823ca93ebfceab5b98db1dff443b	ELSA-2020-5020	ol7_aarch64_optional_latest
	tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm	6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm	6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-jsvc-7.0.76-9.el7.noarch.rpm	b93c76342fbee989d499cc0d8da441a959e4dcb1627ed0c5e238e2e680d54630	ELSA-2020-5020	ol7_aarch64_optional_latest
	tomcat-lib-7.0.76-9.el7.noarch.rpm	ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-lib-7.0.76-9.el7.noarch.rpm	ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm	8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm	8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679	ELSA-2020-5020	ol7_aarch64_u7_base
	tomcat-webapps-7.0.76-9.el7.noarch.rpm	e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4	ELSA-2020-5020	ol7_aarch64_latest
	tomcat-webapps-7.0.76-9.el7.noarch.rpm	e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4	ELSA-2020-5020	ol7_aarch64_u7_base

Oracle Linux 7 (x86_64)	tomcat-7.0.76-9.el7.src.rpm	f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-7.0.76-9.el7.src.rpm	f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-7.0.76-9.el7.noarch.rpm	f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-7.0.76-9.el7.noarch.rpm	f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm	f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm	f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-docs-webapp-7.0.76-9.el7.noarch.rpm	017d11d2b54f5f5c57421bf4181d5aa06f23ca9fc9a77610d943642be9758220	ELSA-2020-5020	ol7_x86_64_optional_latest
	tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm	7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm	7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-javadoc-7.0.76-9.el7.noarch.rpm	06142fdfc059f07846d28bb0360a7e39b7a1823ca93ebfceab5b98db1dff443b	ELSA-2020-5020	ol7_x86_64_optional_latest
	tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm	6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm	6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-jsvc-7.0.76-9.el7.noarch.rpm	b93c76342fbee989d499cc0d8da441a959e4dcb1627ed0c5e238e2e680d54630	ELSA-2020-5020	ol7_x86_64_optional_latest
	tomcat-lib-7.0.76-9.el7.noarch.rpm	ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-lib-7.0.76-9.el7.noarch.rpm	ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm	8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm	8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679	ELSA-2020-5020	ol7_x86_64_u7_base
	tomcat-webapps-7.0.76-9.el7.noarch.rpm	e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4	ELSA-2020-5020	ol7_x86_64_latest
	tomcat-webapps-7.0.76-9.el7.noarch.rpm	e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4	ELSA-2020-5020	ol7_x86_64_u7_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691