CESA-2019:2205 -- centos 7 tomcat
ID: oval:org.secpod.oval:def:205275 | Date: (C)2019-09-17 (M)2023-12-20 | Class: PATCH | Family: unix
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies.

Security Fix:
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
* tomcat: Insecure defaults in CORS filter enable "supportsCredentials" for all origins
* tomcat: Host name verification missing in WebSocket client

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.