Debian Bug report logs -
#898935
tomcat8: CVE-2018-8014: The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials'
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Salvatore Bonaccors ...
Several security issues were fixed in Tomcat ...
Synopsis
Moderate: tomcat security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...
Synopsis
Important: Red Hat JBoss Web Server 310 Service Pack 2 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Synopsis
Important: Red Hat JBoss Web Server 310 Service Pack 2 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis
Critical: Red Hat FIS 20 on Fuse 630 R8 security and bug fix update
Type/Severity
Security Advisory: Critical
Topic
An update is now available for Red Hat Fuse Integration ServicesRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scor ...
Several issues were discovered in the Tomcat servlet and JSP
engine They could lead to unauthorized access to protected resources,
denial-of-service, or information leak
For the stable distribution (stretch), these problems have been fixed in
version 8514-1+deb9u3
We recommend that you upgrade your tomcat8 packages
For the detailed security s ...
The host name verification when using TLS with the WebSocket client was missing It is now enabled by default Versions Affected: Apache Tomcat 900M1 to 909, 850 to 8531, 800RC1 to 8052, and 7035 to 7088 (CVE-2018-8034)
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Ap ...
Late application of security constraints can lead to resource exposure for unauthorised users:Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending ...
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration:As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute The update was not correct As a result, some scripts may have failed to execu ...
Security constraints defined by annotations of Servlets in Apache Tomcat 900M1 to 904, 850 to 8527, 800RC1 to 8049 and 700 to 7084 were only applied once a Servlet had been loaded Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servl ...