tomcat security, bug fix, and enhancement update

🗓️ 09 Nov 2016 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 50 Views

Tomcat 7.0.69-10 bug fix update with security enhancement

Reporter	Title	Published	Views	Family All 799
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-3092)	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple IBM Websphere Application Server (WAS) vulnerabilities (CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 )	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: WAS traditional and liberty vulnerable to CVE-2014-7810	16 Jan 201909:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Forms Experience Builder is vulnerable due to Apache Tomcat and Apache Commons FileUpload Vulnerabilities (CVE-2016-3092)	16 Jun 201820:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat as used in IBM QRadar SIEM is vulnerable to a security bypass. (CVE-2014-7810)	16 Jun 201821:31	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Directory Administrator is affected by an Apache Tomcat vulnerability (CVE-2016-3092)	17 Jun 201805:16	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Limits (CVE-2016-3092)	15 Jun 201822:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller and Storwize Family	29 Mar 202301:48	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	7	src	tomcat	7.0.69-10.el7	tomcat-7.0.69-10.el7.src.rpm
oracle linux	7	noarch	tomcat	7.0.69-10.el7	tomcat-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-admin-webapps	7.0.69-10.el7	tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-docs-webapp	7.0.69-10.el7	tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-el-2.2-api	7.0.69-10.el7	tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-javadoc	7.0.69-10.el7	tomcat-javadoc-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-jsp-2.2-api	7.0.69-10.el7	tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-jsvc	7.0.69-10.el7	tomcat-jsvc-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-lib	7.0.69-10.el7	tomcat-lib-7.0.69-10.el7.noarch.rpm
oracle linux	7	noarch	tomcat-servlet-3.0-api	7.0.69-10.el7	tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm

09 Nov 2016 00:00Current

0.6Low risk

Vulners AI Score0.6

CVSS 27.8

CVSS 38.8

EPSS0.4988

tomcat 7.0.69-10 bug fix security enhancement proxy request header environmental variable cgi denial of service cve-2016-3092 cve-2014-7810 cve-2016-0706 cve-2015-5346 csrf token leak rebase hsts support session fixation directory disclosure url normalization issue security manager bypass