Lucene search
OracleLinuxELSA-2020-4004HistoryOct 06, 2020 - 12:00 a.m.
tomcat security and bug fix update
2020-10-0600:00:00
linux.oracle.com
22
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
[0:7.0.76-15]
- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
[0:7.0.76-14] - Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
[0:7.0.76-13] - Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | tomcat | < 7.0.76-15.el7 | tomcat-7.0.76-15.el7.src.rpm |
| oracle linux | 7 | noarch | tomcat | < 7.0.76-15.el7 | tomcat-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-admin-webapps | < 7.0.76-15.el7 | tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-docs-webapp | < 7.0.76-15.el7 | tomcat-docs-webapp-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-el-2.2-api | < 7.0.76-15.el7 | tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-javadoc | < 7.0.76-15.el7 | tomcat-javadoc-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-jsp-2.2-api | < 7.0.76-15.el7 | tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-jsvc | < 7.0.76-15.el7 | tomcat-jsvc-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-lib | < 7.0.76-15.el7 | tomcat-lib-7.0.76-15.el7.noarch.rpm |
| oracle linux | 7 | noarch | tomcat-servlet-3.0-api | < 7.0.76-15.el7 | tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm |
Related
nessus
nessus
Scientific Linux Security Update : tomcat on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
CentOS 7 : tomcat (CESA-2020:4004)
2020-10-20 00:00:00
Oracle Linux 7 : tomcat (ELSA-2020-4004)
2023-09-07 00:00:00
redhat
redhat
centos
centos
tomcat security update
2020-10-20 19:04:26
tomcat security update
2020-06-11 21:13:08
openvas
openvas
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2093)
2020-09-29 00:00:00
Ubuntu: Security Advisory (USN-4448-1)
2020-08-05 00:00:00
Debian: Security Advisory (DLA-2209-1)
2020-05-29 00:00:00
amazon
amazon
Important: tomcat
2023-05-11 17:49:00
Important: tomcat8
2020-06-23 06:47:00
Important: tomcat7
2020-06-23 06:45:00
atlassian
atlassian
Upgrade Tomcat to version 9.0.37
2020-06-29 13:40:00
Upgrade Tomcat to version 9.0.37
2020-06-29 13:40:00
Upgrade the bundled version of Apache Tomcat to 8.5.57
2020-07-17 15:19:11
ubuntu
ubuntu
Tomcat vulnerabilities
2020-08-04 00:00:00
Tomcat vulnerabilities
2020-10-21 00:00:00
osv
osv
tomcat9 vulnerabilities
2020-10-21 13:55:35
tomcat9 - security update
2020-07-17 00:00:00
tomcat8 - security update
2020-05-11 00:00:00
debian
debian
[SECURITY] [DLA 2209-1] tomcat8 security update
2020-05-28 17:53:49
[SECURITY] [DSA 4627-1] tomcat9 security update
2020-07-17 18:07:40
[SECURITY] [DLA 2217-1] tomcat7 security update
2020-05-23 17:27:59
ibm
ibm
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
2020-08-17 09:36:06
Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-13935
2022-01-25 07:37:12
cve
cve
veracode
veracode
Denial Of Service (DoS)
2020-07-15 08:18:40
Session Fixation
2019-12-19 08:29:44
Remote Code Execution
2020-05-21 03:52:01
kaspersky
kaspersky
KLA12084 DoS vulnerability in Apache Tomcat
2020-07-07 00:00:00
KLA11626 SB vulnerability in Apache Tomcat
2019-12-12 00:00:00
KLA11785 Security vulnerability in Apache Tomcat
2020-05-11 00:00:00
redhatcve
redhatcve
github
github
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
2019-12-26 18:22:26
Infinite Loop in Apache Tomcat
2022-02-08 22:05:17
Potential remote code execution in Apache Tomcat
2020-05-21 18:52:29
prion
prion
Denial of service
2020-07-14 15:15:00
Session fixation
2019-12-23 17:15:00
Deserialization of untrusted data
2020-05-20 19:15:00
debiancve
debiancve
githubexploit
githubexploit
Exploit for Infinite Loop in Apache Tomcat
2020-11-02 14:48:55
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2020-09-05 13:56:51
Exploit for Deserialization of Untrusted Data in Oracle Retail Order Broker
2021-01-15 17:59:50
f5
f5
K45026834 : Apache Tomcat vulnerability CVE-2020-13935
2020-08-27 00:00:00
K24551552 : Apache Tomcat vulnerability CVE-2019-17563
2020-01-23 00:00:00
K03121171 : Apache Tomcat vulnerability CVE-2020-9484
2020-05-27 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.105
2020-07-07 00:00:00
Fixed in Apache Tomcat 9.0.30
2019-12-12 00:00:00
Fixed in Apache Tomcat 8.5.50
2019-12-12 00:00:00
symantec
symantec
Apache Tomcat CVE-2019-17563 Session Fixation Vulnerability
2019-12-18 00:00:00
ubuntucve
ubuntucve
cgr
cgr
CVE-2019-17563 vulnerabilities
2024-04-25 09:06:10
fedora
fedora
[SECURITY] Fedora 31 Update: tomcat-9.0.36-1.fc31
2020-06-23 01:14:05
[SECURITY] Fedora 32 Update: tomcat-9.0.36-1.fc32
2020-06-23 01:22:02
oraclelinux
oraclelinux
tomcat security update
2020-06-11 00:00:00
tomcat6 security update
2020-06-12 00:00:00
broadcom
broadcom
BSA-2022-1839
2022-05-03 00:00:00
archlinux
archlinux
[ASA-202006-5] tomcat8: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-7] tomcat9: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-6] tomcat7: arbitrary code execution
2020-06-06 00:00:00
gentoo
gentoo
Apache Tomcat: Remote code execution
2020-06-15 00:00:00
suse
suse
Security update for tomcat (important)
2020-05-25 00:00:00
nuclei
nuclei
Apache Tomcat Remote Command Execution
2020-07-03 05:39:02
mageia
mageia
Updated tomcat packages fix security vulnerability
2020-07-05 14:26:44
Updated tomcat packages fix security vulnerabilities
2020-01-28 10:52:40
freebsd
freebsd
Apache Tomcat Remote Code Execution via session persistence
2020-05-12 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related for ELSA-2020-4004