Lucene search

K
oraclelinuxOracleLinuxELSA-2024-0125
HistoryJan 11, 2024 - 12:00 a.m.

tomcat security update

2024-01-1100:00:00
linux.oracle.com
7
tomcat
security update
open redirect
dos
information leak
request smuggling

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.5%

[1:9.0.62-27.2]

  • Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
  • FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
  • improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
  • incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.5%