Lucene search

K
osvGoogleOSV:ALSA-2019:1529
HistoryJun 18, 2019 - 4:36 p.m.

Important: pki-deps:10.6 security update

2019-06-1816:36:21
Google
osv.dev
5

AI Score

9.8

Confidence

High

EPSS

0.791

Percentile

98.3%

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System.

Security Fix(es):

  • tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)

  • tomcat: Insecure defaults in CORS filter enable β€˜supportsCredentials’ for all origins (CVE-2018-8014)

  • tomcat: Open redirect in default servlet (CVE-2018-11784)

  • tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.