Lucene search

K
oraclelinuxOracleLinuxELSA-2024-0474
HistoryJan 25, 2024 - 12:00 a.m.

tomcat security update

2024-01-2500:00:00
linux.oracle.com
14
tomcat
security update
multiple cves
open redirect
request smuggling
dos
information leak

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7

Confidence

Low

EPSS

0.01

Percentile

83.5%

[1:9.0.62-37.el9_3.1]

  • Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication
  • Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling
  • Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
  • Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7

Confidence

Low

EPSS

0.01

Percentile

83.5%