Synopsis
Important: Red Hat JBoss Web Server security and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in possible timing attacks to
determine valid user names, bypass of the SecurityManager, disclosure of
system properties, unrestricted access to global resources, arbitrary
file overwrites, and potentially escalation of privileges.
For the ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
A malicious web application was able to bypass a configu ...
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not ...
Debian Bug report logs - #842663
CVE-2016-5018: Apache Tomcat Security Manager Bypass
Package: tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpu.org>
Date: Mon, 31 ...
Debian Bug report logs - #842665
CVE-2016-6796: Apache Tomcat Security Manager Bypass
Package: tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpu.org>
Date: Mon, 31 ...
Debian Bug report logs - #840685
TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
Package: src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Paul Szabo <paul.szabo@sydney.edu.au>
Date: Thu, 13 Oct 2016 20:30:02 UT ...
Debian Bug report logs - #842664
CVE-2016-6794: Apache Tomcat System Property Disclosure
Package: tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpu.org>
Date: Mon, ...
Debian Bug report logs - #845393
CVE-2016-9774: privilege escalation via upgrade
Package: tomcat8;
Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon)
Reported by: Paul Szabo <paul.szabo@sydney.edu.au>
Date: Tue, 22 ...
Debian Bug report logs - #842666
CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources
Package: tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpu.org>
...
Debian Bug report logs - #842662
CVE-2016-0762: Apache Tomcat Realm Timing Attack
Package: tomcat7;
Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpu.org>
Date: Mon, 31 Oct ...
Debian Bug report logs - #845385
CVE-2016-9775: privilege escalation via removal
Package: tomcat8;
Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon)
Reported by: Paul Szabo <paul.szabo@sydney.edu.au>
Date: Tue, 22 ...