ELSA-2019-2205 -- Oracle tomcatID: oval:org.secpod.oval:def:1504566 | Date: (C)2021-01-12 (M)2023-12-20 |
Class: PATCH | Family: unix |
[0:7.0.76-9] - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended expo sure of resources - Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised us ers - Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable "supportsCredentials" for all origins - Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client - Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat - Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat - Resolves: rhbz#1455483 Add support for characters to the possible whitelist values