ELSA-2019-2205 - tomcat security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2019-08-13

Description


[0:7.0.76-9]
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters < and > to the possible whitelist values


Related CVEs


CVE-2018-1305
CVE-2018-8034
CVE-2018-1304
CVE-2018-8014

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 7 (aarch64) | tomcat-7.0.76-9.el7.src.rpm | f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-7.0.76-9.el7.src.rpm | f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-7.0.76-9.el7.noarch.rpm | f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-7.0.76-9.el7.noarch.rpm | f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm | f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm | f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-docs-webapp-7.0.76-9.el7.noarch.rpm | 017d11d2b54f5f5c57421bf4181d5aa06f23ca9fc9a77610d943642be9758220 | ELSA-2020-5020 | ol7_aarch64_optional_latest |
| | tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm | 7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm | 7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-javadoc-7.0.76-9.el7.noarch.rpm | 06142fdfc059f07846d28bb0360a7e39b7a1823ca93ebfceab5b98db1dff443b | ELSA-2020-5020 | ol7_aarch64_optional_latest |
| | tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm | 6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm | 6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-jsvc-7.0.76-9.el7.noarch.rpm | b93c76342fbee989d499cc0d8da441a959e4dcb1627ed0c5e238e2e680d54630 | ELSA-2020-5020 | ol7_aarch64_optional_latest |
| | tomcat-lib-7.0.76-9.el7.noarch.rpm | ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-lib-7.0.76-9.el7.noarch.rpm | ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm | 8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm | 8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| | tomcat-webapps-7.0.76-9.el7.noarch.rpm | e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4 | ELSA-2020-5020 | ol7_aarch64_latest |
| | tomcat-webapps-7.0.76-9.el7.noarch.rpm | e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4 | ELSA-2020-5020 | ol7_aarch64_u7_base |
| Oracle Linux 7 (x86_64) | tomcat-7.0.76-9.el7.src.rpm | f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-7.0.76-9.el7.src.rpm | f43dff5a68b5eb896b84428ee08c351da74f3889e7da3eb78ca72ab2557e9083 | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-7.0.76-9.el7.noarch.rpm | f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-7.0.76-9.el7.noarch.rpm | f1ecdb1f5f12262ae161d620db7d1ba5916f0e4b9d8c60cc192fc2865866e2a2 | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm | f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-admin-webapps-7.0.76-9.el7.noarch.rpm | f36a2810cdb5b22d8bbc38b1dd56e39f082b4ea55aad5815eba205cee18d14d6 | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-docs-webapp-7.0.76-9.el7.noarch.rpm | 017d11d2b54f5f5c57421bf4181d5aa06f23ca9fc9a77610d943642be9758220 | ELSA-2020-5020 | ol7_x86_64_optional_latest |
| | tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm | 7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-el-2.2-api-7.0.76-9.el7.noarch.rpm | 7b08c305cb7b197f4af527650d81e1352ea001212a1fbc8d62521f1342fec2da | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-javadoc-7.0.76-9.el7.noarch.rpm | 06142fdfc059f07846d28bb0360a7e39b7a1823ca93ebfceab5b98db1dff443b | ELSA-2020-5020 | ol7_x86_64_optional_latest |
| | tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm | 6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-jsp-2.2-api-7.0.76-9.el7.noarch.rpm | 6984d566eccc331efcde93e65858663dde578160715cdf2df7d56865fce221c7 | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-jsvc-7.0.76-9.el7.noarch.rpm | b93c76342fbee989d499cc0d8da441a959e4dcb1627ed0c5e238e2e680d54630 | ELSA-2020-5020 | ol7_x86_64_optional_latest |
| | tomcat-lib-7.0.76-9.el7.noarch.rpm | ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-lib-7.0.76-9.el7.noarch.rpm | ae4d86dba25b8305d8e98c84406987df06fe384dfa5b4ef37056e779f6a417d3 | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm | 8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-servlet-3.0-api-7.0.76-9.el7.noarch.rpm | 8747e45197fea8955e4b782ceb27acb1c97987743e7073b101a59fe7dbf22679 | ELSA-2020-5020 | ol7_x86_64_u7_base |
| | tomcat-webapps-7.0.76-9.el7.noarch.rpm | e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4 | ELSA-2020-5020 | ol7_x86_64_latest |
| | tomcat-webapps-7.0.76-9.el7.noarch.rpm | e802f4a9e4a0b1fc4dde3e6a0a99b5b86ded97809354a81500b13e9ef0bf8ad4 | ELSA-2020-5020 | ol7_x86_64_u7_base |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team