CVE-2023-42795

Published: 10/10/2023 Updated: 04/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 up to and including 11.0.0-M11, from 10.1.0-M1 up to and including 10.1.13, from 9.0.0-M1 up to and including 9.0.80 and from 8.5.0 up to and including 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Vulnerable Products

apache tomcat 9.0.0
apache tomcat 10.1.0
apache tomcat 11.0.0
apache tomcat
debian debian linux 10.0
debian debian linux 11.0
debian debian linux 12.0

Vendor Advisories

Synopsis: Critical: Red Hat Fuse 7.12.1 release and security update. Type/Severity: Security Advisory: Critical. Topic: A minor version update (from 7.12 to 7.12.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. For the oldstable distribution (bullseye), this problem has bee ...
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-28709: Denial of Service. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters ...
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998: Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Co ...
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early. For the oldstable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u9. We recommend that you u ...
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the cur ...
Description: The MITRE CVE dictionary describes this issue as: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the r ...
A vulnerability (CVE-2023-42795) exists in Cosminexus Component Container. Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container, which is a component product of other Hitachi products. For details about the fixed version about Cosminex ...