Description
ELSA-2020-4004: tomcat security and bug fix update (IMPORTANT)
[0:7.0.76-15]
- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
[0:7.0.76-14]
- Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
[0:7.0.76-13]
- Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127
Updated packages
Oracle Linux 7
Oracle Linux aarch64
tomcat
7.0.76-15.el7
tomcat-admin-webapps
7.0.76-15.el7
tomcat-docs-webapp
7.0.76-15.el7
tomcat-el-2.2-api
7.0.76-15.el7
tomcat-javadoc
7.0.76-15.el7
tomcat-jsp-2.2-api
7.0.76-15.el7
tomcat-jsvc
7.0.76-15.el7
tomcat-lib
7.0.76-15.el7
tomcat-servlet-3.0-api
7.0.76-15.el7
tomcat-webapps
7.0.76-15.el7
Oracle Linux x86_64
tomcat
7.0.76-15.el7
tomcat-admin-webapps
7.0.76-15.el7
tomcat-docs-webapp
7.0.76-15.el7
tomcat-el-2.2-api
7.0.76-15.el7
tomcat-javadoc
7.0.76-15.el7
tomcat-jsp-2.2-api
7.0.76-15.el7
tomcat-jsvc
7.0.76-15.el7
tomcat-lib
7.0.76-15.el7
tomcat-servlet-3.0-api
7.0.76-15.el7
tomcat-webapps
7.0.76-15.el7
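The package list above gives the fixed build, 0:7.0.76-15.el7. The practical check on a host is whether the installed tomcat EVR (epoch:version-release) is at or above that build, and a plain string comparison gets rpm ordering wrong (for example "14.el7" against "15.el7" or a "~rc" pre-release). The following is an added example, not part of the errata and not Oracle's or rpm's own code: a simplified reimplementation of rpm's version ordering in Python plus an EVR comparison against the fixed build. The `rpm -q` query format and the sample output string are assumptions constructed for the example; the "^" post-release marker of newer rpm versions is deliberately not handled.

```python
import re
import subprocess

# Fixed build for the tomcat packages in this errata (epoch:version-release).
FIXED_EVR = "0:7.0.76-15.el7"

# Constructed sample of what `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' tomcat`
# prints on a host that is one build behind (rpm prints "(none)" for no epoch).
SAMPLE_RPM_OUTPUT = "(none):7.0.76-14.el7"

# Tokens that take part in the comparison: digit runs, letter runs and the
# '~' pre-release marker. Separators ('.', '-', '_') are skipped, as rpm does.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings; returns -1, 0 or 1.

    Simplified reimplementation of rpm's ordering written for this example:
    numeric segments compare as integers (so leading zeros do not matter),
    alphabetic segments compare as strings, a numeric segment beats an
    alphabetic one, '~' sorts before everything including end-of-string,
    and when one side runs out of segments the side with segments left wins.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
            continue
        if x.isdigit():
            return 1
        if y.isdigit():
            return -1
        return 1 if x > y else -1
    return 0


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (epoch, version, release).

    A missing epoch, or the literal '(none)' that rpm -q prints, counts as 0.
    """
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    version, _, release = evr.rpartition("-")
    if not version:  # no '-' present: the whole string is the version
        version, release = release, ""
    return epoch, version, release


def evrcmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed: str, fixed: str = FIXED_EVR) -> bool:
    """True when the installed EVR is the fixed build or a later one."""
    return evrcmp(installed, fixed) >= 0


def installed_evr(package: str = "tomcat") -> str:
    """Query the local rpm database; only works on an RPM-based host."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}", package],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; on a real host use
    # is_fixed(installed_evr()) instead.
    print(SAMPLE_RPM_OUTPUT, "fixed:", is_fixed(SAMPLE_RPM_OUTPUT))
```

Run `is_fixed(installed_evr())` on each host (or feed the output of `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' tomcat` collected by your inventory tooling into `is_fixed`); a later errata build such as 15.el7_9 or 16.el7 also satisfies the check, which is what you want when comparing against an older advisory.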
Related CVEs
Related vulnerabilities
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
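What "correctly validating" a WebSocket payload length means in practice, as an added example that is neither Tomcat's code nor the fix shipped in this errata: a Python parser for the RFC 6455 frame header that rejects every length encoding the RFC forbids (a 16-bit extended length below 126, a 64-bit extended length below 65536 or with its most significant bit set, which a signed 64-bit reader would see as a negative number, and a control frame longer than 125 bytes) and, as an assumed deployment limit, anything above `MAX_PAYLOAD`. The read loop always advances by the parsed header and payload size and aborts the connection on an invalid value, so a malformed length cannot make it spin. The sample frames are constructed for the example.

```python
import struct

# Largest payload this parser will buffer. An assumed deployment limit for the
# example, not a value taken from the advisory or from Tomcat.
MAX_PAYLOAD = 1 << 20


class FrameError(ValueError):
    """Header violates RFC 6455; a server should fail the connection (close code 1002)."""


class NeedMoreData(Exception):
    """The buffer does not yet hold a complete header."""


def parse_frame_header(buf: bytes) -> dict:
    """Parse and strictly validate one frame header from the start of buf."""
    if len(buf) < 2:
        raise NeedMoreData()
    b0, b1 = buf[0], buf[1]
    fin, rsv, opcode = bool(b0 & 0x80), (b0 >> 4) & 0x07, b0 & 0x0F
    masked, length = bool(b1 & 0x80), b1 & 0x7F
    pos = 2

    if rsv:
        raise FrameError("RSV bits set without a negotiated extension")
    if opcode in (0x3, 0x4, 0x5, 0x6, 0x7, 0xB, 0xC, 0xD, 0xE, 0xF):
        raise FrameError(f"reserved opcode {opcode:#x}")

    if length == 126:
        if len(buf) < pos + 2:
            raise NeedMoreData()
        length = struct.unpack_from("!H", buf, pos)[0]
        pos += 2
        if length < 126:
            raise FrameError("16-bit length used for a value that fits in 7 bits")
    elif length == 127:
        if len(buf) < pos + 8:
            raise NeedMoreData()
        length = struct.unpack_from("!Q", buf, pos)[0]
        pos += 8
        if length & (1 << 63):
            raise FrameError("64-bit length has its top bit set (negative for a signed reader)")
        if length < 65536:
            raise FrameError("64-bit length used for a value that fits in 16 bits")

    if opcode >= 0x8:  # control frames: ping, pong, close
        if not fin:
            raise FrameError("fragmented control frame")
        if length > 125:
            raise FrameError("control frame payload longer than 125 bytes")
    if length > MAX_PAYLOAD:
        raise FrameError(f"payload length {length} exceeds limit {MAX_PAYLOAD}")

    mask_key = None
    if masked:
        if len(buf) < pos + 4:
            raise NeedMoreData()
        mask_key = buf[pos:pos + 4]
        pos += 4
    return {"fin": fin, "opcode": opcode, "masked": masked,
            "payload_len": length, "mask_key": mask_key, "header_len": pos}


def unmask(payload: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def read_frames(stream: bytes) -> list:
    """Split a byte stream into (opcode, payload) tuples.

    Each iteration consumes header_len + payload_len bytes, so the position
    always moves forward; any FrameError propagates and ends the connection.
    """
    frames, pos = [], 0
    while pos < len(stream):
        try:
            hdr = parse_frame_header(stream[pos:])
        except NeedMoreData:
            break
        end = pos + hdr["header_len"] + hdr["payload_len"]
        if end > len(stream):
            break
        payload = stream[pos + hdr["header_len"]:end]
        if hdr["masked"]:
            payload = unmask(payload, hdr["mask_key"])
        frames.append((hdr["opcode"], payload))
        pos = end
    return frames


def check_frame(buf: bytes) -> str:
    """Classify a header as 'ok', 'incomplete' or 'rejected: <reason>'."""
    try:
        parse_frame_header(buf)
        return "ok"
    except FrameError as e:
        return f"rejected: {e}"
    except NeedMoreData:
        return "incomplete"


# Constructed sample frames (not captured traffic).
VALID_TEXT_FRAME = bytes([0x81, 0x82, 0x01, 0x02, 0x03, 0x04, 0x69, 0x6B])  # masked "hi"
NEGATIVE_LEN_FRAME = bytes([0x81, 0x7F]) + b"\xff" * 8          # 64-bit length, top bit set
NON_MINIMAL_LEN_FRAME = bytes([0x81, 0x7E, 0x00, 0x05])         # 16-bit length for 5 bytes
BIG_BINARY_HEADER = bytes([0x82, 0x7F]) + (65536).to_bytes(8, "big")   # minimal 64-bit, allowed
OVERSIZE_HEADER = bytes([0x82, 0x7F]) + (2 << 20).to_bytes(8, "big")   # over MAX_PAYLOAD
```

The rejection cases are the ones an attacker can send cheaply; the defence is to validate before allocating or looping on the length, and to treat any violation as fatal for that connection rather than something to resynchronise from.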