Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2020:0038-1
HistoryJan 14, 2020 - 12:00 a.m.

Security update for tomcat (important)

2020-01-1400:00:00
lists.opensuse.org
63

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

An update that fixes three vulnerabilities is now available.

Description:

This update for tomcat to version 9.0.30 fixes the following issues:

Security issue fixed:

  • CVE-2019-12418: Fixed a local privilege escalation through by
    manipulating the RMI registry and performing a man-in-the-middle attack
    (bsc#1159723).
  • CVE-2019-17563: Fixed a session fixation attack when using FORM
    authentication (bsc#1159729).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2020-38=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.1noarch< - openSUSE Leap 15.1 (noarch):- openSUSE Leap 15.1 (noarch):.noarch.rpm

Related

openvas 24
nessus 51
amazon 2
mageia 2
ibm 12
osv 11
debian 5
ubuntu 3
tomcat 7
gentoo 1
redhat 9
kaspersky 3
cisa 1
symantec 4
photon 11
zdi 1
cve 3
github 3
atlassian 6
f5 3
ubuntucve 3
debiancve 3
prion 3
veracode 3
redhatcve 3
cgr 2
hackerone 1
centos 1
oraclelinux 1
threatpost 1
rosalinux 1
oracle 7
openvas
openvas
openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0038-1)
2020-01-14 00:00:00
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1182)
2020-02-25 00:00:00
Ubuntu: Security Advisory for tomcat8 (USN-4251-1)
2020-01-28 00:00:00
nessus
nessus
openSUSE Security Update : tomcat (openSUSE-2020-38)
2020-01-15 00:00:00
Debian DLA-2077-1 : tomcat7 security update
2020-01-28 00:00:00
Photon OS 2.0: Apache PHSA-2020-2.0-0200
2020-01-16 00:00:00
amazon
amazon
Medium: tomcat8
2020-01-14 18:18:00
Important: tomcat
2023-05-11 17:49:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2020-01-28 10:52:40
Updated tomcat packages fix security vulnerabilities
2019-09-08 17:09:05
ibm
ibm
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities.
2020-04-24 04:47:22
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)(CVE-2019-12418, CVE-2019-17563)
2020-07-24 22:19:08
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
2020-02-11 07:10:49
osv
osv
tomcat7 - security update
2020-01-27 00:00:00
tomcat9 - security update
2020-05-06 00:00:00
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
2019-12-26 18:22:26
debian
debian
[SECURITY] [DLA 2077-1] tomcat7 security update
2020-01-27 23:13:25
[SECURITY] [DSA 4680-1] tomcat9 security update
2020-05-06 20:58:40
[SECURITY] [DLA 2155-1] tomcat8 security update
2020-03-24 13:23:18
ubuntu
ubuntu
Tomcat vulnerabilities
2020-01-27 00:00:00
Tomcat vulnerabilities
2019-09-10 00:00:00
Tomcat vulnerabilities
2019-09-18 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.99
2019-12-17 00:00:00
Fixed in Apache Tomcat 9.0.30
2019-12-12 00:00:00
Fixed in Apache Tomcat 8.5.50
2019-12-12 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2020-03-19 00:00:00
redhat
redhat
(RHSA-2020:0861) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
2020-03-17 12:51:11
(RHSA-2020:0860) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
2020-03-17 12:51:05
(RHSA-2020:1521) Important: Red Hat JBoss Web Server 5.3 release
2020-04-21 10:36:39
kaspersky
kaspersky
KLA11571 DoS vulnerability in Apache Tomcat
2019-05-13 00:00:00
KLA11626 SB vulnerability in Apache Tomcat
2019-12-12 00:00:00
KLA11627 SB vulnerability in Apache Tomcat
2019-11-21 00:00:00
cisa
cisa
Apache Releases Security Advisory for Apache Tomcat
2019-06-20 00:00:00
symantec
symantec
Apache Tomcat CVE-2019-10072 Incomplete Fix Denial of Service Vulnerability
2019-06-20 00:00:00
Apache Tomcat CVE-2019-17563 Session Fixation Vulnerability
2019-12-18 00:00:00
Apache Tomcat CVE-2019-12418 Local Privilege Escalation Vulnerability
2019-12-18 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0244
2019-07-19 00:00:00
Important Photon OS Security Update - PHSA-2020-0051
2020-01-23 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0051
2020-01-23 00:00:00
zdi
zdi
Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability
2019-06-21 00:00:00
cve
cve
CVE-2019-17563
2019-12-23 17:15:00
CVE-2019-12418
2019-12-23 18:15:00
CVE-2019-10072
2019-06-21 18:15:00
github
github
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
2019-12-26 18:22:26
Insufficiently Protected Credentials in Apache Tomcat
2019-12-26 18:22:36
Improper Locking in Apache Tomcat
2019-06-26 01:09:40
atlassian
atlassian
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
2020-01-15 15:29:54
The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569
2020-04-30 09:04:13
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
2020-01-15 15:29:54
f5
f5
K24551552 : Apache Tomcat vulnerability CVE-2019-17563
2020-01-23 00:00:00
K10107360 : Apache Tomcat vulnerability CVE-2019-12418
2020-01-07 00:00:00
K17321505 : Apache Tomcat vulnerability CVE-2019-10072
2019-06-27 00:00:00
ubuntucve
ubuntucve
CVE-2019-17563
2019-12-23 00:00:00
CVE-2019-12418
2019-12-23 00:00:00
CVE-2019-10072
2019-06-21 00:00:00
debiancve
debiancve
CVE-2019-17563
2019-12-23 17:15:00
CVE-2019-12418
2019-12-23 18:15:00
CVE-2019-10072
2019-06-21 18:15:00
prion
prion
Session fixation
2019-12-23 17:15:00
Design/Logic Flaw
2019-12-23 18:15:00
Code injection
2019-06-21 18:15:00
veracode
veracode
Session Fixation
2019-12-19 08:29:44
Privilege Escalation
2019-12-23 08:45:46
Denial Of Service (DoS)
2019-06-21 05:42:50
redhatcve
redhatcve
CVE-2019-17563
2019-12-20 18:38:45
CVE-2019-12418
2020-04-09 10:13:44
CVE-2019-10072
2019-06-25 08:51:26
cgr
cgr
CVE-2019-17563 vulnerabilities
2024-04-20 03:06:00
CVE-2019-12418 vulnerabilities
2024-04-20 03:06:00
hackerone
hackerone
U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE
2020-05-14 19:38:44
centos
centos
tomcat security update
2020-10-20 19:04:26
oraclelinux
oraclelinux
tomcat security and bug fix update
2020-10-06 00:00:00
threatpost
threatpost
Oracle Ties Previous All-Time Patch High with January Updates
2020-01-14 23:43:10
rosalinux
rosalinux
Advisory ROSA-SA-2021-1988
2021-07-02 18:17:52
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON
Related for OPENSUSE-SU-2020:0038-1
openvas24nessus51amazon2mageia2ibm12osv11debian5ubuntu3tomcat7gentoo1redhat9kaspersky3cisa1symantec4photon11zdi1cve3github3atlassian6f53ubuntucve3debiancve3prion3veracode3redhatcve3cgr2hackerone1centos1oraclelinux1threatpost1rosalinux1oracle7