Lucene search

RedHatRHSA-2023:7065

HistoryNov 14, 2023 - 8:44 a.m.

(RHSA-2023:7065) Moderate: tomcat security and bug fix update

2023-11-1408:44:23

access.redhat.com

apache tomcat

java servlet

javaserver pages

security fix

cve-2023-24998

cve-2023-28708

red hat enterprise linux 8.9 release notes

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.034 Low

EPSS

Percentile

91.3%

JSON

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchtomcat-jsp-2.3-api< 9.0.62-27.el8_9tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat-el-3.0-api< 9.0.62-27.el8_9tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat-lib< 9.0.62-27.el8_9tomcat-lib-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat-servlet-4.0-api< 9.0.62-27.el8_9tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat< 9.0.62-27.el8_9tomcat-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat-admin-webapps< 9.0.62-27.el8_9tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat-docs-webapp< 9.0.62-27.el8_9tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm
RedHat8noarchtomcat-webapps< 9.0.62-27.el8_9tomcat-webapps-9.0.62-27.el8_9.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	tomcat-jsp-2.3-api	< 9.0.62-27.el8_9	tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat-el-3.0-api	< 9.0.62-27.el8_9	tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat-lib	< 9.0.62-27.el8_9	tomcat-lib-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat-servlet-4.0-api	< 9.0.62-27.el8_9	tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat	< 9.0.62-27.el8_9	tomcat-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat-admin-webapps	< 9.0.62-27.el8_9	tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat-docs-webapp	< 9.0.62-27.el8_9	tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm
RedHat	8	noarch	tomcat-webapps	< 9.0.62-27.el8_9	tomcat-webapps-9.0.62-27.el8_9.noarch.rpm