Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4596-1:D180A
HistoryDec 27, 2019 - 10:15 p.m.

[SECURITY] [DSA 4596-1] tomcat8 security update

2019-12-2722:15:49
lists.debian.org
165

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.791 High

EPSS

Percentile

98.3%

JSON

Debian Security Advisory DSA-4596-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq

Package : tomcat8
CVE ID : CVE-2018-8014 CVE-2018-11784 CVE-2019-0199 CVE-2019-0221
CVE-2019-12418 CVE-2019-17563

Several issues were discovered in the Tomcat servlet and JSP engine, which
could result in session fixation attacks, information disclosure, cross-
site scripting, denial of service via resource exhaustion and insecure
redirects.

For the oldstable distribution (stretch), these problems have been fixed
in version 8.5.50-0+deb9u1. This update also requires an updated version
of tomcat-native which has been updated to 1.2.21-1~deb9u1.

We recommend that you upgrade your tomcat8 packages.

For the detailed security status of tomcat8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat8

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9alllibservlet3.1-java-doc< 8.5.50-0+deb9u1libservlet3.1-java-doc_8.5.50-0+deb9u1_all.deb
Debian9alllibtomcat8-java< 8.5.50-0+deb9u1libtomcat8-java_8.5.50-0+deb9u1_all.deb
Debian9alltomcat8-user< 8.5.50-0+deb9u1tomcat8-user_8.5.50-0+deb9u1_all.deb
Debian9alltomcat8-admin< 8.5.50-0+deb9u1tomcat8-admin_8.5.50-0+deb9u1_all.deb
Debian9alltomcat8-common< 8.5.50-0+deb9u1tomcat8-common_8.5.50-0+deb9u1_all.deb
Debian8alltomcat7-user< 7.0.56-3+really7.0.94-1tomcat7-user_7.0.56-3+really7.0.94-1_all.deb
Debian8alltomcat8-user< 8.0.14-1+deb8u15tomcat8-user_8.0.14-1+deb8u15_all.deb
Debian8alltomcat7-examples< 7.0.56-3+really7.0.94-1tomcat7-examples_7.0.56-3+really7.0.94-1_all.deb
Debian8alllibtomcat8-java< 8.0.14-1+deb8u15libtomcat8-java_8.0.14-1+deb8u15_all.deb
Debian9alllibtomcat8-embed-java< 8.5.50-0+deb9u1libtomcat8-embed-java_8.5.50-0+deb9u1_all.deb
Rows per page:
1-10 of 281

Related

nessus 53
osv 10
openvas 43
fedora 4
redhat 5
gentoo 1
amazon 6
mageia 3
ibm 13
ubuntu 4
debian 4
symantec 2
suse 5
hackerone 1
tomcat 3
rocky 1
oraclelinux 3
almalinux 1
ubuntucve 3
cve 3
github 3
debiancve 3
prion 2
f5 2
cvelist 2
kaspersky 2
photon 1
veracode 4
zdt 1
packetstorm 1
redhatcve 2
nuclei 1
nvd 3
centos 1
checkpoint_advisories 1
atlassian 2
nessus
nessus
Debian DSA-4596-1 : tomcat8 - security update
2019-12-30 00:00:00
GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities
2020-03-20 00:00:00
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)
2020-03-18 00:00:00
osv
osv
tomcat8 - security update
2019-12-27 00:00:00
tomcat7 - security update
2020-01-27 00:00:00
tomcat8 - security update
2019-08-13 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4596-1)
2019-12-29 00:00:00
Fedora Update for tomcat FEDORA-2019-d66febb5df
2019-07-05 00:00:00
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1182)
2020-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: tomcat-9.0.21-1.fc29
2019-07-04 02:51:06
[SECURITY] Fedora 30 Update: tomcat-9.0.21-1.fc30
2019-06-25 01:27:24
[SECURITY] Fedora 28 Update: tomcat-8.5.35-1.fc28
2019-04-03 02:02:31
redhat
redhat
(RHSA-2020:0860) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
2020-03-17 12:51:05
(RHSA-2020:0861) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
2020-03-17 12:51:11
(RHSA-2019:1529) Important: pki-deps:10.6 security update
2019-06-18 16:36:21
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2020-03-19 00:00:00
amazon
amazon
Medium: tomcat8
2020-01-14 18:18:00
Important: tomcat8
2019-07-17 23:21:00
Important: tomcat8
2019-05-16 23:11:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2020-01-28 10:52:40
Updated tomcat packages fix security vulnerabilities
2019-09-08 17:09:05
Updated tomcat packages fix security vulnerabilities
2018-12-10 00:20:39
ibm
ibm
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities.
2020-04-24 04:47:22
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.
2020-02-19 00:16:06
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
2020-02-11 07:10:49
ubuntu
ubuntu
Tomcat vulnerabilities
2020-01-27 00:00:00
Tomcat vulnerabilities
2019-09-10 00:00:00
Tomcat vulnerabilities
2019-09-18 00:00:00
debian
debian
[SECURITY] [DLA 2077-1] tomcat7 security update
2020-01-27 23:13:25
[SECURITY] [DLA 1883-1] tomcat8 security update
2019-08-13 19:30:16
[SECURITY] [DLA 1545-1] tomcat8 security update
2018-10-15 16:56:28
symantec
symantec
Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020
2020-05-12 19:02:01
Apache Tomcat CVE-2019-17563 Session Fixation Vulnerability
2019-12-18 00:00:00
suse
suse
Security update for tomcat (moderate)
2019-06-30 00:00:00
Security update for tomcat (moderate)
2019-07-25 00:00:00
Security update for tomcat (important)
2020-01-14 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE
2020-05-14 19:38:44
tomcat
tomcat
Fixed in Apache Tomcat 7.0.99
2019-12-17 00:00:00
Fixed in Apache Tomcat 9.0.9
2018-03-09 00:00:00
Fixed in Apache Tomcat 7.0.89
2018-03-09 00:00:00
rocky
rocky
pki-deps:10.6 security update
2019-06-18 16:36:21
oraclelinux
oraclelinux
pki-deps:10.6 security update
2019-07-30 00:00:00
tomcat security update
2019-03-13 00:00:00
tomcat security, bug fix, and enhancement update
2019-08-13 00:00:00
almalinux
almalinux
Important: pki-deps:10.6 security update
2019-06-18 16:36:21
ubuntucve
ubuntucve
CVE-2018-8014
2018-05-16 00:00:00
CVE-2018-11784
2018-10-04 00:00:00
CVE-2019-17563
2019-12-23 00:00:00
cve
cve
CVE-2018-8014
2018-05-16 16:29:00
CVE-2019-17563
2019-12-23 17:15:11
CVE-2018-11784
2018-10-04 13:29:00
github
github
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
2018-10-17 16:32:32
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
2019-12-26 18:22:26
Apache Tomcat Open Redirect vulnerability
2018-10-17 16:31:02
debiancve
debiancve
CVE-2018-8014
2018-05-16 16:29:00
CVE-2018-11784
2018-10-04 13:29:00
CVE-2019-17563
2019-12-23 17:15:11
prion
prion
Default configuration
2018-05-16 16:29:00
Design/Logic Flaw
2018-10-04 13:29:00
f5
f5
K11420556 : Apache Tomcat vulnerability CVE-2018-8014
2018-07-17 00:00:00
K64921482 : Apache Tomcat vulnerability CVE-2018-11784
2018-10-25 00:00:00
cvelist
cvelist
CVE-2019-17563
2019-12-23 16:39:01
CVE-2018-8014
2018-05-16 16:00:00
kaspersky
kaspersky
KLA11327 SB vulnerability in Apache Tomcat
2018-10-03 00:00:00
KLA11256 SB vulnerability in Apache Tomcat
2018-05-15 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0065
2018-07-02 00:00:00
veracode
veracode
Insecure Defaults
2018-05-17 04:40:32
Open Redirection
2019-01-15 09:25:50
Open Redirection
2018-10-04 09:06:12
zdt
zdt
Apache Tomcat 9.0.0.M1 - Open Redirect Vulnerability
2021-07-13 00:00:00
packetstorm
packetstorm
Apache Tomcat 9.0.0M1 Open Redirect
2021-07-11 00:00:00
redhatcve
redhatcve
CVE-2018-11784
2019-11-02 09:34:32
CVE-2018-8014
2020-04-06 17:04:57
nuclei
nuclei
Apache Tomcat - Open Redirect
2021-03-18 16:22:01
nvd
nvd
CVE-2018-8014
2018-05-16 16:29:00
CVE-2019-17563
2019-12-23 17:15:11
CVE-2018-11784
2018-10-04 13:29:00
centos
centos
tomcat security update
2019-03-19 14:33:17
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Default Servlet Open Redirect (CVE-2018-11784)
2019-02-19 00:00:00
atlassian
atlassian
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
2020-01-15 15:29:54
The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569
2020-04-30 09:04:13

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.791 High

EPSS

Percentile

98.3%

JSON
Related for DEBIAN:DSA-4596-1:D180A
nessus53osv10openvas43fedora4redhat5gentoo1amazon6mageia3ibm13ubuntu4debian4symantec2suse5hackerone1tomcat3rocky1oraclelinux3almalinux1ubuntucve3cve3github3debiancve3prion2f52cvelist2kaspersky2photon1veracode4zdt1packetstorm1redhatcve2nuclei1nvd3centos1checkpoint_advisories1atlassian2