software: tomcat 9.0.37
WASP: ROSA-CHROME
package_evr_string: tomcat-9.0.37-4
CVE-ID: CVE-2023-28709
BDU-ID: 2023-05380
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Apache Tomcat application server is caused by an off-by-one error in the enforcement of the request parameter limit (the incomplete fix for CVE-2023-24998). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat
CVE-ID: CVE-2023-41080
BDU-ID: 2023-04989
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to URL redirection to an untrusted site (open redirect). Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary URL.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat
CVE-ID: CVE-2023-42794
BDU-ID: 2023-06729
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Commons FileUpload component of the Apache Tomcat application server exists due to incomplete cleanup of temporary or auxiliary resources (temporary upload files are not removed). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by exhausting disk space.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat
CVE-ID: CVE-2023-42795
BDU-ID: 2023-06728
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Apache Tomcat application server exists due to incomplete cleanup of temporary or auxiliary resources (internal objects are not fully reset when recycled between requests). Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat
CVE-ID: CVE-2023-45648
BDU-ID: 2023-07041
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat
CVE-ID: CVE-2023-44487
BDU-ID: 2023-06559
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation (HTTP/2 Rapid Reset) is related to the ability of a client to open and immediately cancel (reset) a large number of streams within an already established connection, without opening new network connections and without waiting for the server's responses, so the server does work for requests that are never completed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat