Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:0539

Опубликовано: 12 фев. 2024
Источник: rocky
Оценка: Important

Описание

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

  • tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
tomcatnoarch27.el8_9.3tomcat-9.0.62-27.el8_9.3.noarch.rpm
tomcat-admin-webappsnoarch27.el8_9.3tomcat-admin-webapps-9.0.62-27.el8_9.3.noarch.rpm
tomcat-docs-webappnoarch27.el8_9.3tomcat-docs-webapp-9.0.62-27.el8_9.3.noarch.rpm
tomcat-el-3.0-apinoarch27.el8_9.3tomcat-el-3.0-api-9.0.62-27.el8_9.3.noarch.rpm
tomcat-jsp-2.3-apinoarch27.el8_9.3tomcat-jsp-2.3-api-9.0.62-27.el8_9.3.noarch.rpm
tomcat-libnoarch27.el8_9.3tomcat-lib-9.0.62-27.el8_9.3.noarch.rpm
tomcat-servlet-4.0-apinoarch27.el8_9.3tomcat-servlet-4.0-api-9.0.62-27.el8_9.3.noarch.rpm
tomcat-webappsnoarch27.el8_9.3tomcat-webapps-9.0.62-27.el8_9.3.noarch.rpm

Показывать по

Связанные CVE

CVE-2023-46589

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-46589

CVSS3: 7.5
ubuntu
больше 1 года назад

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

redhat логотип

CVE-2023-46589

CVSS3: 7.5
redhat
больше 1 года назад

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

nvd логотип

CVE-2023-46589

CVSS3: 7.5
nvd
больше 1 года назад

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

debian логотип

CVE-2023-46589

CVSS3: 7.5
debian
больше 1 года назад

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...

suse-cvrf логотип

SUSE-SU-2024:0209-1

suse-cvrf
больше 1 года назад

Security update for tomcat