Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

SUSE: 2018:3388-1 Moderate: Tomcat Security Fix for Denial of Service

suse
Calendar Grey October 24, 2018
Dist Suse Esm H88
SUSE Security Advisory: Tomcat Upgrade Addressing 8 Security Flaws Rated Moderate Threat Level
An update that fixes 8 vulnerabilities is now available

Summary

This update for tomcat to version 8.0.53 fixes the following security issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400) - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379) - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race

References

#1078677 #1082480 #1082481 #1093697 #1102379

#1102400 #1102410 #1110850

Cross- CVE-2017-15706 CVE-2018-11784 CVE-2018-1304

CVE-2018-1305 CVE-2018-1336 CVE-2018-8014

CVE-2018-8034 CVE-2018-8037

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2017-15706.html

https://www.suse.com/security/cve/CVE-2018-11784.html

https://www.suse.com/security/cve/CVE-2018-1304.html

https://www.suse.com/security/cve/CVE-2018-1305.html

https://www.suse.com/security/cve/CVE-2018-1336.html

https://www.suse.com/security/cve/CVE-2018-8014.html

https://www.suse.com/security/cve/CVE-2018-8034.html

https://www.suse.com/security/cve/CVE-2018-8037.html

Announcement ID: SUSE-SU-2018:3388-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.