Debian Bug report logs -
#898935
tomcat8: CVE-2018-8014: The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials'
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Salvatore Bonaccors ...
Several security issues were fixed in Tomcat ...
Several issues were discovered in the Tomcat servlet and JSP engine, which
could result in session fixation attacks, information disclosure, cross-site
scripting, denial of service via resource exhaustion and insecure
redirects
For the oldstable distribution (stretch), these problems have been fixed
in version 8550-0+deb9u1 This update also req ...
Synopsis
Important: Red Hat JBoss Web Server 310 Service Pack 4 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this release as ...
Synopsis
Important: Red Hat JBoss Web Server 310 Service Pack 4 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this release as having a security impact of Important A Common Vulner ...
Synopsis
Important: Red Hat Fuse 72 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Synopsis
Moderate: tomcat security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...
Synopsis
Moderate: Red Hat JBoss Web Server 50 Service Pack 2 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Web Server 50 for RHEL 6 and Red Hat JBoss Web Server 50 for RHEL 7Red Hat Product Security has rated this release as hav ...
Synopsis
Important: pki-deps:106 security update
Type/Severity
Security Advisory: Important
Topic
An update for the pki-deps:106 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sy ...
Synopsis
Moderate: Red Hat JBoss Web Server 50 Service Pack 2 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Web Server 50 for RHEL 6 and Red Hat JBoss Web Server 50 for RHEL 7Red Hat Product Security has rated this release as hav ...
The host name verification when using TLS with the WebSocket client was missing It is now enabled by default Versions Affected: Apache Tomcat 900M1 to 909, 850 to 8531, 800RC1 to 8052, and 7035 to 7088 (CVE-2018-8034)
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Ap ...
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration Therefore, it is expected that most users will not be impacted ...
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration Therefore, it is expected that most users will not be impacted ...
The defaults settings for the CORS filter provided in Apache Tomcat 900M1 to 908, 850 to 8531, 800RC1 to 8052, 7041 to 7088 are insecure and enable 'supportsCredentials' for all origins It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default conf ...