Download
| Alert*
oval:org.secpod.oval:def:89043615
This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up . oval:org.secpod.oval:def:67635 The host is installed with Apache Tomcat 10.x before 10.0.0-M10, 9.0.0.M1 before 9.0.40 or 8.5.0 before 8.5.60 and is prone to a request header mix-up vulnerability. A flaw is present in application, which fails to properly handle an HTTP request header value re-used from the previous stream. Succes ... oval:org.secpod.oval:def:89002845 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up . - CVE-2020-17527: Fixed a HTTP/2 request header mix-up . Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They"re not used ... oval:org.secpod.oval:def:86450 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:1601379 While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this woul ... oval:org.secpod.oval:def:1601412 While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this woul ... oval:org.secpod.oval:def:706379 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:605407 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. oval:org.secpod.oval:def:2106342 Oracle Solaris 11 - ( CVE-2020-17527 ) oval:org.secpod.oval:def:69854 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. oval:org.secpod.oval:def:1701709 While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this woul ... |