Several security issues were fixed in Tomcat ...
Debian Bug report logs -
#961209
tomcat9: CVE-2020-9484
Package:
src:tomcat9;
Maintainer for src:tomcat9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 21 May 2020 12:24:02 UTC
Severity: grave
Tags: security, upstream
Found ...
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2021-43980
The simplified implementation of blocking reads and writes introduced in
Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing
(but extremely hard to trigger) concurrency bug that could cause client
connec ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in code execution or denial of service.
For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u2.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to
it ...
Synopsis
Important: Red Hat JBoss Web Server 5.3.1 security update
Type/Severity
Security Advisory: Important
Topic
Updated Red Hat JBoss Web Server 5.3.1 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security ha ...
Synopsis
Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Commo ...
Synopsis
Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis
Important: tomcat security update
Type/Severity
Security Advisory: Important
Topic
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: Red Hat JBoss Web Server 5.3.1 security update
Type/Severity
Security Advisory: Important
Topic
Updated Red Hat JBoss Web Server 5.3.1 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated ...
Synopsis
Important: tomcat6 security update
Type/Severity
Security Advisory: Important
Topic
An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Importan ...
Synopsis
Important: Red Hat Fuse 7.11.0 release and security update
Type/Severity
Security Advisory: Important
Topic
A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system avai ...
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueC ...