SUSE-SU-2018:0817-1 -- SLES tomcatID: oval:org.secpod.oval:def:89043907 | Date: (C)2021-03-05 (M)2023-12-14 |
Class: PATCH | Family: unix |
This update for tomcat fixes the following issues: Security issues fixed: - CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users . - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources . - CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |