Oval Definition:oval:com.redhat.rhsa:def:20171809
Revision Date:2017-07-27Version:638
Title:RHSA-2017:1809: tomcat security update (Important)
Description:Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

  • A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

  • A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
  • Family:unixClass:patch
    Status:Reference(s):CVE-2017-5648
    CVE-2017-5664
    RHSA-2017:1809
    RHSA-2017:1809-00
    RHSA-2017:1809-01
    Platform(s):Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • tomcat is earlier than 0:7.0.69-12.el7_3
  • AND tomcat is signed with Red Hat redhatrelease2 key
  • tomcat-admin-webapps is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
  • tomcat-docs-webapp is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
  • tomcat-el-2.2-api is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
  • tomcat-javadoc is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-javadoc is signed with Red Hat redhatrelease2 key
  • tomcat-jsp-2.2-api is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
  • tomcat-jsvc is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-jsvc is signed with Red Hat redhatrelease2 key
  • tomcat-lib is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-lib is signed with Red Hat redhatrelease2 key
  • tomcat-servlet-3.0-api is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
  • tomcat-webapps is earlier than 0:7.0.69-12.el7_3
  • AND tomcat-webapps is signed with Red Hat redhatrelease2 key
  • BACK