
ELSA-2023-6570

Published: 11 Nov 2023
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2023-6570: tomcat security and bug fix update (MODERATE)

[1:9.0.62-37]

  • Resolves: RHEL-12551
  • Remove JDK subpackages which are unused

[1:9.0.62-16]

  • Related: #2184133 Declare file conflicts

[1:9.0.62-15]

  • Resolves: #2184133 Fix bug in Obsoletes

[1:9.0.62-14]

  • Resolves: #2210632 CVE-2023-28709 tomcat

[1:9.0.62-13]

  • Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3

[1:9.0.62-12]

  • Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
  • Resolves: #2173872 Remove java-11-openjdk-headless as a tomcat dependency
  • Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
  • Resolves: #2210632 CVE-2023-28709
  • Resolves: #2184133 Add Obsoletes to tomcat package
  • Update patch command
  • Update source to include the CVE fixes

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • tomcat 9.0.62-37.el9_3
  • tomcat-admin-webapps 9.0.62-37.el9_3
  • tomcat-docs-webapp 9.0.62-37.el9_3
  • tomcat-el-3.0-api 9.0.62-37.el9_3
  • tomcat-jsp-2.3-api 9.0.62-37.el9_3
  • tomcat-lib 9.0.62-37.el9_3
  • tomcat-servlet-4.0-api 9.0.62-37.el9_3
  • tomcat-webapps 9.0.62-37.el9_3

Oracle Linux x86_64

  • tomcat 9.0.62-37.el9_3
  • tomcat-admin-webapps 9.0.62-37.el9_3
  • tomcat-docs-webapp 9.0.62-37.el9_3
  • tomcat-el-3.0-api 9.0.62-37.el9_3
  • tomcat-jsp-2.3-api 9.0.62-37.el9_3
  • tomcat-lib 9.0.62-37.el9_3
  • tomcat-servlet-4.0-api 9.0.62-37.el9_3
  • tomcat-webapps 9.0.62-37.el9_3

Related vulnerabilities

oracle-oval
about 2 years ago

ELSA-2023-7065: tomcat security and bug fix update (MODERATE)

suse-cvrf
almost 3 years ago

Security update for tomcat

suse-cvrf
more than 2 years ago

Security update for tomcat

CVSS3: 4.3
ubuntu
almost 3 years ago

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.

CVSS3: 4.3
redhat
almost 3 years ago

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.