SUSE-SU-2020:0632-1 -- SLES tomcatID: oval:org.secpod.oval:def:89043860 | Date: (C)2021-03-05 (M)2024-05-09 |
Class: PATCH | Family: unix |
This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams . - CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry . - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication . - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling . - CVE-2020-1935: Fixed an HTTP Request Smuggling issue . - CVE-2020-1938: Fixed a file contents disclosure vulnerability .
Platform: |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |