Several security issues were fixed in tomcat8, tomcat9, tomcat10.
Software Description:
- tomcat9: Servlet and JSP engine
- tomcat10: Servlet and JSP engine
- tomcat8: Servlet and JSP engine
Details:
It was discovered that Tomcat did not include the secure attribute for
session cookies when using the RemoteIpFilter with requests from a reverse
proxy. An attacker could possibly use this issue to leak sensitive
information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for
tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2023-28708)
It was discovered that Tomcat incorrectly recycled certain objects, which
could lead to information leaking from one request to the next. An attacker
could potentially use this issue to leak sensitive information. This issue was
fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on Ubuntu 24.04 LTS,
Ubuntu 24.10, and Ubuntu 25.04. (CVE-2023-42795)
It was discovered that Tomcat incorrectly hand...
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libtomcat9-java 9.0.70-2ubuntu1.25.04.2 Ubuntu 24.10 libtomcat9-java 9.0.70-2ubuntu1.24.10.2 Ubuntu 24.04 LTS libtomcat10-java 10.1.16-1ubuntu0.1~esm2 Available with Ubuntu Pro libtomcat9-java 9.0.70-2ubuntu0.1+esm2 Available with Ubuntu Pro </font></pre>
Get the latest Linux and open source security news straight to your inbox.