Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Tomcat.
Software Description:
- tomcat8: Servlet and JSP engine
- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine
Details:
It was discovered that the Tomcat realm implementations incorrectly handled
passwords when a username didn't exist. A remote attacker could possibly
use this issue to enumerate usernames. This issue only applied to Ubuntu
12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly
limited use of a certain utility method. A malicious application could
possibly use this to bypass Security Manager restrictions. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5018)
It was discovered that Tomcat did not protect applications from untrusted
data in the HTTP_PROXY environment variable. A remote attacker could
possibly use this issue to redirect outbound traffic to an ...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libtomcat8-java 8.0.37-1ubuntu0.1 tomcat8 8.0.37-1ubuntu0.1 Ubuntu 16.04 LTS: libtomcat8-java 8.0.32-1ubuntu1.3 tomcat8 8.0.32-1ubuntu1.3 Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.8 tomcat7 7.0.52-1ubuntu0.8 Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.9 tomcat6 6.0.35-1ubuntu3.9 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3177-1
CVE-2016-0762, CVE-2016-5018, CVE-2016-5388, CVE-2016-6794,
CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735,
CVE-2016-8745, CVE-2016-9774, CVE-2016-9775
Get the latest Linux and open source security news straight to your inbox.