| Revision Date: | 2018-03-26 | Version: | 1 |
| Title: | Security update for tomcat (Moderate) |
| Description: |
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481). - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480). - CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1078677
1082480
1082481
CVE-2017-15706
CVE-2018-1304
CVE-2018-1305
SUSE-SU-2018:0817-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP3
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information
tomcat-8.0.50-29.8.2 is installed
OR tomcat-admin-webapps-8.0.50-29.8.2 is installed
OR tomcat-docs-webapp-8.0.50-29.8.2 is installed
OR tomcat-el-3_0-api-8.0.50-29.8.2 is installed
OR tomcat-javadoc-8.0.50-29.8.2 is installed
OR tomcat-jsp-2_3-api-8.0.50-29.8.2 is installed
OR tomcat-lib-8.0.50-29.8.2 is installed
OR tomcat-servlet-3_1-api-8.0.50-29.8.2 is installed
OR tomcat-webapps-8.0.50-29.8.2 is installed
|