Description
ELSA-2019-0485: tomcat security update (MODERATE)
[0:7.0.76-9]
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
Updated packages
Oracle Linux 7
Oracle Linux aarch64
tomcat 7.0.76-9.el7_6
tomcat-admin-webapps 7.0.76-9.el7_6
tomcat-docs-webapp 7.0.76-9.el7_6
tomcat-el-2.2-api 7.0.76-9.el7_6
tomcat-javadoc 7.0.76-9.el7_6
tomcat-jsp-2.2-api 7.0.76-9.el7_6
tomcat-jsvc 7.0.76-9.el7_6
tomcat-lib 7.0.76-9.el7_6
tomcat-servlet-3.0-api 7.0.76-9.el7_6
tomcat-webapps 7.0.76-9.el7_6
Oracle Linux x86_64
tomcat 7.0.76-9.el7_6
tomcat-admin-webapps 7.0.76-9.el7_6
tomcat-docs-webapp 7.0.76-9.el7_6
tomcat-el-2.2-api 7.0.76-9.el7_6
tomcat-javadoc 7.0.76-9.el7_6
tomcat-jsp-2.2-api 7.0.76-9.el7_6
tomcat-jsvc 7.0.76-9.el7_6
tomcat-lib 7.0.76-9.el7_6
tomcat-servlet-3.0-api 7.0.76-9.el7_6
tomcat-webapps 7.0.76-9.el7_6
Related CVEs
Related vulnerabilities
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.