Ubuntu 16.04 LTS Security Advisory USN-4448-1: Tomcat Issues

August 4, 2020
Various vulnerabilities were found in Apache Tomcat impacting version 9, highlighting risks of denial of service (DoS) and unauthorized command execution.

Summary

Several security issues were fixed in Tomcat.

Software Description:

- tomcat8: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly validated the payload length in
a WebSocket frame. A remote attacker could possibly use this issue to cause
Tomcat to hang, resulting in a denial of service. (CVE-2020-13935)

It was discovered that Tomcat incorrectly handled HTTP header parsing. In
certain environments where Tomcat is located behind a reverse proxy, a
remote attacker could possibly use this issue to perform HTTP Request
Smuggling. (CVE-2020-1935)

It was discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2020-9484)
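
To see whether a host uses the uncommon configuration named for CVE-2020-9484, the following added example (not part of the Ubuntu advisory or of Tomcat's code) scans a Tomcat context.xml or server.xml for a persistent session manager backed by a FileStore. The class names and the sessionAttributeValueClassNameFilter attribute are taken from Tomcat's configuration documentation, not from this advisory, and the sample XML is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Class/attribute names from Tomcat's Manager and Store configuration
# documentation (assumption: not stated in the advisory text itself).
PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"

# Constructed sample: a context.xml that enables the affected combination.
SAMPLE_AFFECTED = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager"
           maxIdleBackup="30">
    <Store className="org.apache.catalina.session.FileStore"
           directory="sessions"/>
  </Manager>
</Context>"""

# Constructed sample: a context.xml with no <Manager> element at all.
SAMPLE_DEFAULT = """<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>"""


def find_filestore_managers(xml_text):
    """Return one finding per PersistentManager that stores sessions in a FileStore."""
    root = ET.fromstring(xml_text)
    findings = []
    for manager in root.iter("Manager"):
        if manager.get("className", "").strip() != PERSISTENT_MANAGER:
            continue  # other manager implementation: not this configuration
        for store in manager.findall("Store"):
            if store.get("className", "").strip() == FILE_STORE:
                findings.append({
                    "directory": store.get("directory"),
                    # None means no class-name filter is configured.
                    "filter": manager.get("sessionAttributeValueClassNameFilter"),
                })
    return findings


if __name__ == "__main__":
    # Usage: pass the config files to check, e.g. a context.xml or server.xml.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for f in find_filestore_managers(fh.read()):
                print(f"{path}: PersistentManager with FileStore, "
                      f"directory={f['directory']!r}, filter={f['filter']!r}")
```

A finding means the host matches the configuration described above and should be prioritised for the package update; no finding does not replace updating.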

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libtomcat8-java                 8.0.32-1ubuntu1.13
  tomcat8                         8.0.32-1ubuntu1.13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4448-1

CVE-2020-13935, CVE-2020-1935, CVE-2020-9484

Severity
critical