ELSA-2019-2205 - tomcat security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2019-08-13

Description


[0:7.0.76-9]
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters < and > to the possible whitelist values


Related CVEs


CVE-2018-8014
CVE-2018-8034
CVE-2018-1304
CVE-2018-1305

Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory
Oracle Linux 7 (aarch64) | tomcat-7.0.76-9.el7.src.rpm | 1ddeb34cb6d9b49ea99f51344d74f7de | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-7.0.76-9.el7.noarch.rpm | 496a89dd2c16d1a324d77e46acdd3334 | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm | 5ce01d52465ddb4ca2d7a2a519052d11 | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-docs-webapp-7.0.76-9.el7.noarch.rpm | 259d6cace571bfb5434b60989ea0035f | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm | 8f6c2249fff3c9fc51429fe3ec11f5aa | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-javadoc-7.0.76-9.el7.noarch.rpm | 1132eba3a1ad6a811276ed5825fc66af | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm | d6bebd78ba63669ad62ab1b5a2a26d7b | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-jsvc-7.0.76-9.el7.noarch.rpm | d644dbbe013e44fa2877a3aadef127b8 | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-lib-7.0.76-9.el7.noarch.rpm | 9c2ca8209786e3fb9076deca0b8ca999 | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm | 61646e968958fe886cf05eeb1c055118 | ELSA-2020-5020
Oracle Linux 7 (aarch64) | tomcat-webapps-7.0.76-9.el7.noarch.rpm | d8f75bb7a950ef47bf55f5f1f8c00cc0 | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-7.0.76-9.el7.src.rpm | 1ddeb34cb6d9b49ea99f51344d74f7de | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-7.0.76-9.el7.noarch.rpm | 496a89dd2c16d1a324d77e46acdd3334 | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm | 5ce01d52465ddb4ca2d7a2a519052d11 | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-docs-webapp-7.0.76-9.el7.noarch.rpm | 259d6cace571bfb5434b60989ea0035f | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm | 8f6c2249fff3c9fc51429fe3ec11f5aa | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-javadoc-7.0.76-9.el7.noarch.rpm | 1132eba3a1ad6a811276ed5825fc66af | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm | d6bebd78ba63669ad62ab1b5a2a26d7b | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-jsvc-7.0.76-9.el7.noarch.rpm | d644dbbe013e44fa2877a3aadef127b8 | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-lib-7.0.76-9.el7.noarch.rpm | 9c2ca8209786e3fb9076deca0b8ca999 | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm | 61646e968958fe886cf05eeb1c055118 | ELSA-2020-5020
Oracle Linux 7 (x86_64) | tomcat-webapps-7.0.76-9.el7.noarch.rpm | d8f75bb7a950ef47bf55f5f1f8c00cc0 | ELSA-2020-5020



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team