Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.3011.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:3011-1)
Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the SUSE-SU-2018:3011-1 advisory.
Description:

Vulnerability Insight:
This update for tomcat to version 9.0.10 fixes the following issues:

Security issues fixed:
CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with
supplementary characters could have led to an infinite loop in the
decoder causing a Denial of Service (bsc#1102400).

CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).

CVE-2018-8034: The host name verification when using TLS with the
WebSocket client was missing. It is now enabled by default (bsc#1102379).

CVE-2018-8037: If an async request was completed by the application at
the same time as the container triggered the async timeout, a race
condition existed that could have resulted in a user seeing a response
intended for a different user. An additional issue was present in the
NIO and NIO2 connectors that did not correctly track the closure of the
connection when an async request was completed by the application and
timed out by the container at the same time. This could also have
resulted in a user seeing a response intended for another user
(bsc#1102410).

Bug fixes:
Avoid overwriting of customer's configuration during update (bsc#1067720)

Disable adding OSGi metadata to JAR files

See changelog at [link moved to references]

Affected Software/OS:
'tomcat' package(s) on SUSE Linux Enterprise Module for Web Scripting 15

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-1336
BugTraq ID: 104898
http://www.securityfocus.com/bid/104898
Debian Security Information: DSA-4281
https://www.debian.org/security/2018/dsa-4281
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
RedHat Security Advisories: RHEA-2018:2188
https://access.redhat.com/errata/RHEA-2018:2188
RedHat Security Advisories: RHEA-2018:2189
https://access.redhat.com/errata/RHEA-2018:2189
RedHat Security Advisories: RHSA-2018:2700
https://access.redhat.com/errata/RHSA-2018:2700
RedHat Security Advisories: RHSA-2018:2701
https://access.redhat.com/errata/RHSA-2018:2701
RedHat Security Advisories: RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2740
RedHat Security Advisories: RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2741
RedHat Security Advisories: RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2742
RedHat Security Advisories: RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2743
RedHat Security Advisories: RHSA-2018:2921
https://access.redhat.com/errata/RHSA-2018:2921
RedHat Security Advisories: RHSA-2018:2930
https://access.redhat.com/errata/RHSA-2018:2930
RedHat Security Advisories: RHSA-2018:2939
https://access.redhat.com/errata/RHSA-2018:2939
RedHat Security Advisories: RHSA-2018:2945
https://access.redhat.com/errata/RHSA-2018:2945
RedHat Security Advisories: RHSA-2018:3768
https://access.redhat.com/errata/RHSA-2018:3768
http://www.securitytracker.com/id/1041375
https://usn.ubuntu.com/3723-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8014
BugTraq ID: 104203
http://www.securityfocus.com/bid/104203
Bugtraq: 20191229 [SECURITY] [DSA 4596-1] tomcat8 security update
https://seclists.org/bugtraq/2019/Dec/43
Debian Security Information: DSA-4596
https://www.debian.org/security/2019/dsa-4596
https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
RedHat Security Advisories: RHSA-2018:2469
https://access.redhat.com/errata/RHSA-2018:2469
RedHat Security Advisories: RHSA-2018:2470
https://access.redhat.com/errata/RHSA-2018:2470
RedHat Security Advisories: RHSA-2019:0450
https://access.redhat.com/errata/RHSA-2019:0450
RedHat Security Advisories: RHSA-2019:0451
https://access.redhat.com/errata/RHSA-2019:0451
RedHat Security Advisories: RHSA-2019:1529
https://access.redhat.com/errata/RHSA-2019:1529
RedHat Security Advisories: RHSA-2019:2205
https://access.redhat.com/errata/RHSA-2019:2205
http://www.securitytracker.com/id/1040998
http://www.securitytracker.com/id/1041888
https://usn.ubuntu.com/3665-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8034
BugTraq ID: 104895
http://www.securityfocus.com/bid/104895
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E
RedHat Security Advisories: RHSA-2019:0130
https://access.redhat.com/errata/RHSA-2019:0130
RedHat Security Advisories: RHSA-2019:0131
https://access.redhat.com/errata/RHSA-2019:0131
RedHat Security Advisories: RHSA-2019:1159
https://access.redhat.com/errata/RHSA-2019:1159
RedHat Security Advisories: RHSA-2019:1160
https://access.redhat.com/errata/RHSA-2019:1160
RedHat Security Advisories: RHSA-2019:1161
https://access.redhat.com/errata/RHSA-2019:1161
RedHat Security Advisories: RHSA-2019:1162
https://access.redhat.com/errata/RHSA-2019:1162
RedHat Security Advisories: RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3892
http://www.securitytracker.com/id/1041374
Common Vulnerability Exposure (CVE) ID: CVE-2018-8037
BugTraq ID: 104894
http://www.securityfocus.com/bid/104894
https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c@%3Cusers.tomcat.apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E
RedHat Security Advisories: RHSA-2018:2867
https://access.redhat.com/errata/RHSA-2018:2867
RedHat Security Advisories: RHSA-2018:2868
https://access.redhat.com/errata/RHSA-2018:2868
http://www.securitytracker.com/id/1041376
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
