Package "tomcat8-user"
Name: |
tomcat8-user
|
Description: |
Apache Tomcat 8 - Servlet and JSP engine -- tools to create user instances
|
Latest version: |
8.0.32-1ubuntu1.13 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
tomcat8 |
Homepage: |
http://tomcat.apache.org |
Links
Download "tomcat8-user"
Other versions of "tomcat8-user" in Xenial
Changelog
tomcat8 (8.0.32-1ubuntu1.13) xenial-security; urgency=medium
* SECURITY UPDATE: infinite loop via invalid payload length
- debian/patches/CVE-2020-13935.patch: add additional payload length
validation in java/org/apache/tomcat/websocket/WsFrameBase.java,
java/org/apache/tomcat/websocket/LocalStrings.properties.
- CVE-2020-13935
* SECURITY UPDATE: HTTP Request Smuggling via invalid request smuggling
- debian/patches/CVE-2020-1935.patch: use stricter header value
parsing in java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
java/org/apache/coyote/http11/InternalAprInputBuffer.java,
java/org/apache/coyote/http11/InternalInputBuffer.java,
java/org/apache/tomcat/util/http/MimeHeaders.java,
java/org/apache/tomcat/util/http/parser/HttpParser.java,
test/org/apache/coyote/http11/TestInternalInputBuffer.java.
- CVE-2020-1935
* SECURITY UPDATE: remote code execution via deserialization of a file
under the attacker's control
- debian/patches/CVE-2020-9484.patch: improve validation of storage
location when using FileStore in
java/org/apache/catalina/session/FileStore.java,
java/org/apache/catalina/session/LocalStrings.properties.
- CVE-2020-9484
-- Marc Deslauriers <email address hidden> Mon, 03 Aug 2020 06:53:09 -0400
|
Source diff to previous version |
CVE-2020-13935 |
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and |
CVE-2020-1935 |
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that al |
CVE-2020-9484 |
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to contr |
|
tomcat8 (8.0.32-1ubuntu1.11) xenial-security; urgency=medium
* SECURITY UPDATE: JMX interface authentication bypass
- debian/patches/CVE-2019-12418.patch: refactor JMX remote RMI registry
creation in JmxRemoteLifecycleListener.java.
- CVE-2019-12418
* SECURITY UPDATE: session fixation attack in FORM authentication
- debian/patches/CVE-2019-17563.patch: refactor so Principal is never
cached in session with cache==false in
java/org/apache/catalina/authenticator/AuthenticatorBase.java,
java/org/apache/catalina/authenticator/Constants.java,
java/org/apache/catalina/authenticator/FormAuthenticator.java.
- CVE-2019-17563
-- Marc Deslauriers <email address hidden> Fri, 24 Jan 2020 11:24:30 -0500
|
Source diff to previous version |
CVE-2019-12418 |
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker witho |
CVE-2019-17563 |
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker |
|
tomcat8 (8.0.32-1ubuntu1.9) xenial; urgency=medium
* d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
filtering in WebappClassLoader (LP: #1606331).
-- Karl Stenerud <email address hidden> Mon, 10 Dec 2018 15:08:07 +0100
|
Source diff to previous version |
1606331 |
StringIndexOutOfBoundsException - Tomcat8.0.32 |
|
tomcat8 (8.0.32-1ubuntu1.8) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary redirect issue
- debian/patches/CVE-2018-11784.patch: avoid protocol relative
redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
- CVE-2018-11784
-- Marc Deslauriers <email address hidden> Tue, 09 Oct 2018 11:28:36 -0400
|
CVE-2018-11784 |
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. |
|
About
-
Send Feedback to @ubuntu_updates