Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tomcat to version 8.0.53 fixes the following security issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400) - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379) - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race
#1078677 #1082480 #1082481 #1093697 #1102379
#1102400 #1102410 #1110850
Cross- CVE-2017-15706 CVE-2018-11784 CVE-2018-1304
CVE-2018-1305 CVE-2018-1336 CVE-2018-8014
CVE-2018-8034 CVE-2018-8037
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
https://www.suse.com/security/cve/CVE-2017-15706.html
https://www.suse.com/security/cve/CVE-2018-11784.html
https://www.suse.com/security/cve/CVE-2018-1304.html
https://www.suse.com/security/cve/CVE-2018-1305.html
https://www.suse.com/security/cve/CVE-2018-1336.html
https://www.suse.com/security/cve/CVE-2018-8014.html
https://www.suse.com/security/cve/CVE-2018-8034.html
https://www.suse.com/security/cve/CVE-2018-8037.html
Get the latest Linux and open source security news straight to your inbox.