[Forgot Password]
Login  Register Subscribe

24003

 
 

131517

 
 

106747

 
 

909

 
 

84719

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2017:3081 -- centos 7 tomcat

ID: oval:org.secpod.oval:def:204699Date: (C)2017-12-11   (M)2018-05-11
Class: PATCHFamily: unix




Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. * A vulnerability was discovered in Tomcat where the CORS Filter did not send a "Vary: Origin" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches

Platform:
CentOS 7
Product:
tomcat
Reference:
CESA-2017:3081
CVE-2017-12615
CVE-2017-12617
CVE-2017-5647
CVE-2017-7674
CVE    4
CVE-2017-12615
CVE-2017-5647
CVE-2017-12617
CVE-2017-7674
...
CPE    218
cpe:/a:apache:tomcat:7.0
cpe:/a:apache:tomcat:6.0.50
cpe:/a:apache:tomcat:6.0.52
cpe:/a:apache:tomcat:6.0.51
...

© 2013 SecPod Technologies