RHSA-2019:1529-01 -- Redhat apache-commons-collections, apache-commons-lang, bea-stax, glassfish-fastinfoset, glassfish-jaxb, glassfish-jaxb-api, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, jackson-module-jaxb-annotations, jakarta-commons-httpclient, javassist, pki-servlet-container, python-nss, relaxngDatatype, resteasy, slf4j, stax-ex, velocity, xalan-j2, xerces-j2, xml-commons-apis, xml-commons-resolver, xmlstreambuffer, xsom-0| ID: oval:org.secpod.oval:def:503144 | Date: (C)2019-05-31 (M)2023-12-20 |
| Class: PATCH | Family: unix |
The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix: * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up * tomcat: Insecure defaults in CORS filter enable "supportsCredentials" for all origins * tomcat: Open redirect in default servlet * tomcat: Host name verification missing in WebSocket client For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
| Platform: |
| Red Hat Enterprise Linux 8 |
| Product: |
| apache-commons-collections |
| apache-commons-lang |
| bea-stax |
| glassfish-fastinfoset |
| glassfish-jaxb |
| glassfish-jaxb-api |
| jackson-annotations |
| jackson-core |
| jackson-databind |
| jackson-jaxrs-providers |
| jackson-module-jaxb-annotations |
| jakarta-commons-httpclient |
| javassist |
| pki-servlet-container |
| python-nss |
| relaxngDatatype |
| resteasy |
| slf4j |
| stax-ex |
| velocity |
| xalan-j2 |
| xerces-j2 |
| xml-commons-apis |
| xml-commons-resolver |
| xmlstreambuffer |
| xsom-0 |
