Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in possible timing attacks to
determine valid user names, bypass of the SecurityManager, disclosure of
system properties, unrestricted access to global resources, arbitrary
file overwrites, and potentially escalation of privileges
For the ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 6416 update on RHEL 6
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise ApplicationPlatform 64 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a s ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 6416 update on RHEL 7
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise ApplicationPlatform 64 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a s ...
Synopsis
Moderate: jboss-ec2-eap security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as havin ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 6416 update on RHEL 5
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise ApplicationPlatform 64 for RHEL 5Red Hat Product Security has rated this update as having a security impactof Mod ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulne ...
Synopsis
Important: Red Hat JBoss Web Server security and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-6325)
A malicious web application was able to bypass a configu ...
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications ...
Debian Bug report logs -
#842663
CVE-2016-5018: Apache Tomcat Security Manager Bypass
Package:
tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpuorg>
Date: Mon, 31 ...
Debian Bug report logs -
#842665
CVE-2016-6796: Apache Tomcat Security Manager Bypass
Package:
tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpuorg>
Date: Mon, 31 ...
Debian Bug report logs -
#840685
TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Paul Szabo <paulszabo@sydneyeduau>
Date: Thu, 13 Oct 2016 20:30:02 UT ...
Debian Bug report logs -
#842664
CVE-2016-6794: Apache Tomcat System Property Disclosure
Package:
tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpuorg>
Date: Mon, ...
Debian Bug report logs -
#845393
CVE-2016-9774: privilege escalation via upgrade
Package:
tomcat8;
Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon)
Reported by: Paul Szabo <paulszabo@sydneyeduau>
Date: Tue, 22 ...
Debian Bug report logs -
#842666
CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources
Package:
tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpuorg>
...
Debian Bug report logs -
#842662
CVE-2016-0762: Apache Tomcat Realm Timing Attack
Package:
tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpuorg>
Date: Mon, 31 Oct ...
Debian Bug report logs -
#845385
CVE-2016-9775: privilege escalation via removal
Package:
tomcat8;
Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon)
Reported by: Paul Szabo <paulszabo@sydneyeduau>
Date: Tue, 22 ...