Description
Security update for tomcat
This update for tomcat to 9.0.12 fixes the following issues:
See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
Security issues fixed:
- CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (bsc#1110850)
Package list
SUSE Linux Enterprise Module for Web and Scripting 15
tomcat-9.0.12-3.8.3
tomcat-admin-webapps-9.0.12-3.8.3
tomcat-el-3_0-api-9.0.12-3.8.3
tomcat-jsp-2_3-api-9.0.12-3.8.3
tomcat-lib-9.0.12-3.8.3
tomcat-servlet-4_0-api-9.0.12-3.8.3
tomcat-webapps-9.0.12-3.8.3
References
- Link for SUSE-SU-2018:3968-1
- E-Mail link for SUSE-SU-2018:3968-1
- SUSE Security Ratings
- SUSE Bug 1110850
- SUSE CVE CVE-2018-11784 page
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
Affected products
SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.12-3.8.3
SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.12-3.8.3
SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.12-3.8.3
SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.12-3.8.3
References
- CVE-2018-11784
- SUSE Bug 1110850
- SUSE Bug 1122212