3 matches found
CLSA-2024-1725471295 Fix CVE(s): CVE-2022-23181
SECURITY UPDATE: time of check to time of use vulnerability - debian/patches/CVE-2022-23181.patch: make calculation of session storage location more robust - CVE-2022-23181...
CLSA-2024-1724260496 Fix CVE(s): CVE-2020-9484, CVE-2021-25329, CVE-2022-23181
SECURITY UPDATE: still vulnerable to CVE-2020-9484 with a configuration edge case - debian/patches/CVE-2021-25329.patch: use java.nio.file.Path for consistent sub-directory checking - CVE-2021-25329 SECURITY UPDATE: time-of-check to time-of-use vulnerability introduced by the CVE-2020-9484 fix -...
Medium: tomcat9
Issue Overview: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...