Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 516
Alerts This Week
Warning Icon 1 516

Ubuntu 16.04 LTS: USN-3787-2 Severe: Tomcat HTTP Response Issue

ubuntu
Calendar Grey October 10, 2018
Dist Ubuntu Esm H88
Vulnerability detected in Tomcat on Ubuntu may allow unauthorized redirection. Ensure your system is up to date to address this security risk.
Tomcat could be made to redirect to arbitrary locations.

Summary

Tomcat could be made to redirect to arbitrary locations.

Software Description:

- tomcat8: Servlet and JSP engine

- tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled returning redirects to a

directory. A remote attacker could possibly use this issue with a specially

crafted URL to redirect to arbitrary URIs.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libtomcat8-java                 8.0.32-1ubuntu1.8
  tomcat8                         8.0.32-1ubuntu1.8

Ubuntu 14.04 LTS:
  libtomcat7-java                 7.0.52-1ubuntu0.16
  tomcat7                         7.0.52-1ubuntu0.16

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3787-1

CVE-2018-11784

Severity
critical
Lowest
Low
Medium
High
Critical

October 10, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.