SUSE-SU-2016:3081-1 -- SLES tomcatID: oval:org.secpod.oval:def:89045371 | Date: (C)2021-08-03 (M)2023-12-14 |
Class: PATCH | Family: unix |
This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. Security fixes: - CVE-2016-0762: Realm Timing Attack - CVE-2016-5018: Security Manager Bypass - CVE-2016-6794: System Property Disclosure - CVE-2016-6796: Security Manager Bypass - CVE-2016-6797: Unrestricted Access to Global Resources - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests Bug fixes: - Enabled optional setenv.sh script
Platform: |
SUSE Linux Enterprise Server 12 SP2 |