exploitDog

ELSA-2023-6570

Published: 11 Nov 2023
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2023-6570: tomcat security and bug fix update (MODERATE)

[1:9.0.62-37]

  • Resolves: RHEL-12551
  • Remove JDK subpackages which are unused

[1:9.0.62-16]

  • Related: #2184133 Declare file conflicts

[1:9.0.62-15]

  • Resolves: #2184133 Fix bug in Obsoletes

[1:9.0.62-14]

  • Resolves: #2210632 CVE-2023-28709 tomcat

[1:9.0.62-13]

  • Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3

[1:9.0.62-12]

  • Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
  • Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
  • Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
  • Resolves: #2210632 CVE-2023-28709
  • Resolves: #2184133 Add Obsoletes to tomcat package
  • Update patch command
  • Update source to include the CVE fixes

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • tomcat 9.0.62-37.el9_3
  • tomcat-admin-webapps 9.0.62-37.el9_3
  • tomcat-docs-webapp 9.0.62-37.el9_3
  • tomcat-el-3.0-api 9.0.62-37.el9_3
  • tomcat-jsp-2.3-api 9.0.62-37.el9_3
  • tomcat-lib 9.0.62-37.el9_3
  • tomcat-servlet-4.0-api 9.0.62-37.el9_3
  • tomcat-webapps 9.0.62-37.el9_3

Oracle Linux x86_64

  • tomcat 9.0.62-37.el9_3
  • tomcat-admin-webapps 9.0.62-37.el9_3
  • tomcat-docs-webapp 9.0.62-37.el9_3
  • tomcat-el-3.0-api 9.0.62-37.el9_3
  • tomcat-jsp-2.3-api 9.0.62-37.el9_3
  • tomcat-lib 9.0.62-37.el9_3
  • tomcat-servlet-4.0-api 9.0.62-37.el9_3
  • tomcat-webapps 9.0.62-37.el9_3

Related vulnerabilities

oracle-oval
more than 1 year ago

ELSA-2023-7065: tomcat security and bug fix update (MODERATE)

suse-cvrf
about 2 years ago

Security update for tomcat

suse-cvrf
about 2 years ago

Security update for tomcat

CVSS3: 4.3
ubuntu
more than 2 years ago

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

CVSS3: 4.3
redhat
more than 2 years ago

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.