Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Ubuntu 16.04 LTS: USN-3787-2 Severe: Tomcat HTTP Response Issue

Calendar Oct 10, 2018 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical tomcat ubuntu redirect risk
Tomcat could be made to redirect to arbitrary locations. 
=========================================================================Ubuntu Security Notice USN-3787-1
October 10, 2018

tomcat7, tomcat8 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Tomcat could be made to redirect to arbitrary locations.

Software Description:
- tomcat8: Servlet and JSP engine
- tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled returning redirects to a
directory. A remote attacker could possibly use this issue with a specially
crafted URL to redirect to arbitrary URIs.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libtomcat8-java                 8.0.32-1ubuntu1.8
  tomcat8                         8.0.32-1ubuntu1.8

Ubuntu 14.04 LTS:
  libtomcat7-java                 7.0.52-1ubuntu0.16
  tomcat7                         7.0.52-1ubuntu0.16

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3787-1
  CVE-2018-11784

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.8
  https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.16

Ubuntu 16.04 LTS: USN-3787-2 Severe: Tomcat HTTP Response Issue

ubuntu
Calendar Grey October 10, 2018
Dist Ubuntu Esm H88
Vulnerability detected in Tomcat on Ubuntu may allow unauthorized redirection. Ensure your system is up to date to address this security risk.
Tomcat could be made to redirect to arbitrary locations.

Summary

Topics%20covered

Topics Covered

security advisory critical tomcat ubuntu redirect risk

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libtomcat8-java 8.0.32-1ubuntu1.8 tomcat8 8.0.32-1ubuntu1.8 Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.16 tomcat7 7.0.52-1ubuntu0.16 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3787-1

CVE-2018-11784

Severity
critical
Lowest
Low
Medium
High
Critical

October 10, 2018

Topics%20covered

Topics Covered

security advisory critical tomcat ubuntu redirect risk

Package Information

https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.8 https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.16

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here