Description
Security update for tomcat
This update for tomcat fixes the following issues:
- CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (bsc#1110850)
Package list
SUSE Linux Enterprise Server 12 SP3
tomcat-8.0.53-29.16.2
tomcat-admin-webapps-8.0.53-29.16.2
tomcat-docs-webapp-8.0.53-29.16.2
tomcat-el-3_0-api-8.0.53-29.16.2
tomcat-javadoc-8.0.53-29.16.2
tomcat-jsp-2_3-api-8.0.53-29.16.2
tomcat-lib-8.0.53-29.16.2
tomcat-servlet-3_1-api-8.0.53-29.16.2
tomcat-webapps-8.0.53-29.16.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
tomcat-8.0.53-29.16.2
tomcat-admin-webapps-8.0.53-29.16.2
tomcat-docs-webapp-8.0.53-29.16.2
tomcat-el-3_0-api-8.0.53-29.16.2
tomcat-javadoc-8.0.53-29.16.2
tomcat-jsp-2_3-api-8.0.53-29.16.2
tomcat-lib-8.0.53-29.16.2
tomcat-servlet-3_1-api-8.0.53-29.16.2
tomcat-webapps-8.0.53-29.16.2
References
- Link for SUSE-SU-2018:3393-1
- E-Mail link for SUSE-SU-2018:3393-1
- SUSE Security Ratings
- SUSE Bug 1110850
- SUSE CVE CVE-2018-11784 page
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
Affected products
SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.16.2
SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.16.2
SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.16.2
SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.16.2
References
- CVE-2018-11784
- SUSE Bug 1110850
- SUSE Bug 1122212