2 matches found
SUSE-SU-2020:2996-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582 - Don't give write permissions for the tomcat group on files and directories where it's not needed bsc1172562 - Use %tmpfilescreate macro in %post instead of calling systemd-tmpfiles direct...
CVE-2016-6325
The Tomcat package on Red Hat Enterprise Linux RHEL 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for 1 /etc/sysconfig/tomcat and 2 /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group...