tomcat-servlet-3.0-api-7.0.76-16.el7_9.noarch
[211 KiB] |
Changelog
by Hui Wang (2020-09-23):
- Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
|
tomcat-servlet-3.0-api-7.0.76-15.el7.noarch
[211 KiB] |
Changelog
by Coty Sutherland (2020-07-17):
- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
|
tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch
[210 KiB] |
Changelog
by Coty Sutherland (2020-05-21):
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
|
tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch
[210 KiB] |
Changelog
by Coty Sutherland (2020-03-03):
- Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
|
tomcat-servlet-3.0-api-7.0.76-9.el7_6.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2019-02-12):
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
|
tomcat-servlet-3.0-api-7.0.76-9.el7.noarch
[210 KiB] |
Changelog
by Coty Sutherland (2019-02-12):
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values
|
tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2018-10-01):
- Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
|
tomcat-servlet-3.0-api-7.0.76-3.el7_4.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2017-10-12):
- Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision
|
tomcat-servlet-3.0-api-7.0.76-2.el7.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2017-06-08):
- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
|
tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2017-06-09):
- Resolves: rhbz#1441487 CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object
- Resolves: rhbz#1441480 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
- Resolves: rhbz#1459746 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
|
tomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2017-03-28):
- Resolves: rhbz#1413591 CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- Resolves: rhbz#1402662 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
|
tomcat-servlet-3.0-api-7.0.69-10.el7.noarch
[209 KiB] |
Changelog
by Coty Sutherland (2016-08-25):
- Related: rhbz#1368122
|
tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch
[206 KiB] |
Changelog
by Coty Sutherland (2016-08-25):
- Resolves: rhbz#1368121
|
tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch
[206 KiB] |
Changelog
by David Knox (2015-03-24):
- Resovles: CVE-2014-0227
|
tomcat-servlet-3.0-api-7.0.54-1.el7.noarch
[206 KiB] |
Changelog
by David Knox (2014-09-17):
- Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd
- artifacts. Rebase on 7.0.54.
|
tomcat-servlet-3.0-api-7.0.42-8.el7_0.noarch
[186 KiB] |
Changelog
by David Knox (2014-07-22):
- Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119
|
tomcat-servlet-3.0-api-7.0.42-6.el7_0.noarch
[186 KiB] |
Changelog
by David Knox (2014-06-11):
- Resolves: CVE-2014-0099 Fix possible overflow when parsing
- long values from byte array
- Resolves: CVE-2014-0096 Information discloser process XSLT
- files not subject to same constraint running under
- java security manager
- Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
|
tomcat-servlet-3.0-api-7.0.42-5.el7_0.noarch
[186 KiB] |
Changelog
by David Knox (2014-04-16):
- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.
|