
4 matches found

RedHat Linux
added 2025/04/07 5:1 p.m., 4 views

tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process...

CVSS 9.8 | AI score 7.3 | EPSS 0.06287
Exploits: 1 | References: 5
OSV
added 2024/11/27 7:59 p.m., 14 views

MGASA-2024-0379: Updated tomcat packages fix security vulnerabilities

Authentication bypass when using Jakarta Authentication API (CVE-2024-52316). Incorrect JSP tag recycling leads to XSS (CVE-2024-52318)...

CVSS 9.8 | AI score 7.8 | EPSS 0.06287
Exploits: 2 | References: 4
SUSE Linux
added 2024/11/27 8:34 a.m., 8 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2024-52316: Fixed an authentication bypass when using Jakarta Authentication API (bsc#1233434). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 10 | AI score 7.7 | EPSS 0.06287
Exploits: 1 | References: 4
Cvelist
added 2024/11/18 11:32 a.m., 68 views

CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

EPSS 0.06287
Exploits: 1 | References: 1