RHSA-2019:1529-01 -- Redhat apache-commons-collections, apache-commons-lang, bea-stax, glassfish-fastinfoset, glassfish-jaxb, glassfish-jaxb-api, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, jackson-module-jaxb-annotations, jakarta-commons-httpclient, javassist, pki-servlet-container, python-nss, relaxngDatatype, resteasy, slf4j, stax-ex, velocity, xalan-j2, xerces-j2, xml-commons-apis, xml-commons-resolver, xmlstreambuffer, xsom-0ID: oval:org.secpod.oval:def:503144 | Date: (C)2019-05-31 (M)2023-12-20 |
Class: PATCH | Family: unix |
The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix: * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up * tomcat: Insecure defaults in CORS filter enable "supportsCredentials" for all origins * tomcat: Open redirect in default servlet * tomcat: Host name verification missing in WebSocket client For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
apache-commons-collections |
apache-commons-lang |
bea-stax |
glassfish-fastinfoset |
glassfish-jaxb |
glassfish-jaxb-api |
jackson-annotations |
jackson-core |
jackson-databind |
jackson-jaxrs-providers |
jackson-module-jaxb-annotations |
jakarta-commons-httpclient |
javassist |
pki-servlet-container |
python-nss |
relaxngDatatype |
resteasy |
slf4j |
stax-ex |
velocity |
xalan-j2 |
xerces-j2 |
xml-commons-apis |
xml-commons-resolver |
xmlstreambuffer |
xsom-0 |