oval:org.secpod.oval:def:89043731
This update for tomcat fixes the following issues:
- CVE-2020-13943: Fixed HTTP/2 Request mix-up
- Don't give write permissions for the tomcat group on files and directories where it's not needed
- Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly

oval:org.secpod.oval:def:86450
tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:66019
The host is installed with Apache Tomcat 10.x before 10.0.0-M8, 9.0.0.M5 before 9.0.38 or 8.5.1 before 8.5.58 and is prone to a request mix-up vulnerability. A flaw is present in the application, which fails to properly handle the violation of the limit on the number of concurrent streams. Successful ex ...

oval:org.secpod.oval:def:89002845
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2020-13943: Fixed a HTTP/2 Request mix-up.
- CVE-2020-17527: Fixed a HTTP/2 request header mix-up.
Non-security issue fixed:
- Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used ...

oval:org.secpod.oval:def:1701683
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 ps ...

oval:org.secpod.oval:def:706379
tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:2106342
Oracle Solaris 11 - (CVE-2020-17527)

oval:org.secpod.oval:def:605407
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.

oval:org.secpod.oval:def:69854
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.