Lucene search
OracleLinuxELSA-2024-0539HistoryJan 29, 2024 - 12:00 a.m.
tomcat security update
2024-01-2900:00:00
linux.oracle.com
13
tomcat
security update
http request smuggling
malformed trailer headers
cve-2023-46589
unix
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.1%
[1:9.0.62-27.3]
- tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | tomcat | < 9.0.62-27.el8_9.3 | tomcat-9.0.62-27.el8_9.3.src.rpm |
| oracle linux | 8 | noarch | tomcat | < 9.0.62-27.el8_9.3 | tomcat-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-admin-webapps | < 9.0.62-27.el8_9.3 | tomcat-admin-webapps-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-docs-webapp | < 9.0.62-27.el8_9.3 | tomcat-docs-webapp-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-el-3.0-api | < 9.0.62-27.el8_9.3 | tomcat-el-3.0-api-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-jsp-2.3-api | < 9.0.62-27.el8_9.3 | tomcat-jsp-2.3-api-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-lib | < 9.0.62-27.el8_9.3 | tomcat-lib-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-servlet-4.0-api | < 9.0.62-27.el8_9.3 | tomcat-servlet-4.0-api-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | noarch | tomcat-webapps | < 9.0.62-27.el8_9.3 | tomcat-webapps-9.0.62-27.el8_9.3.noarch.rpm |
| oracle linux | 8 | src | tomcat | < 9.0.62-27.el8_9.3 | tomcat-9.0.62-27.el8_9.3.src.rpm |
Related
kaspersky
kaspersky
KLA62192 ACE vulnerability in Apache Tomcat
2023-11-13 00:00:00
KLA62193 ACE vulnerability in Apache Tomcat
2023-11-14 00:00:00
KLA62191 ACE vulnerability in Apache Tomcat
2023-11-15 00:00:00
nessus
nessus
Rocky Linux 8 : tomcat (RLSA-2024:0539)
2024-02-12 00:00:00
RHEL 9 : tomcat (RHSA-2024:1092)
2024-03-05 00:00:00
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-018)
2024-03-18 00:00:00
f5
f5
K000137926 : Apache Tomcat vulnerability CVE-2023-46589
2023-12-18 00:00:00
almalinux
almalinux
Important: tomcat security update
2024-01-29 00:00:00
Important: tomcat security update
2024-03-05 00:00:00
osv
osv
Important: tomcat security update
2024-03-05 00:00:00
BIT-tomcat-2023-46589
2024-03-06 11:07:35
Apache Tomcat Improper Input Validation vulnerability
2023-11-28 18:30:23
redhat
redhat
(RHSA-2024:1134) Important: tomcat security update
2024-03-05 15:32:17
(RHSA-2024:1092) Important: tomcat security update
2024-03-05 06:13:21
(RHSA-2024:0539) Important: tomcat security update
2024-01-29 08:03:51
atlassian
atlassian
tomcat
tomcat
Fixed in Apache Tomcat 8.5.96
2023-11-13 00:00:00
Fixed in Apache Tomcat 9.0.83
2023-11-15 00:00:00
Fixed in Apache Tomcat 10.1.16
2023-11-14 00:00:00
ibm
ibm
amazon
amazon
Medium: tomcat8
2024-01-19 01:19:00
cvelist
cvelist
redhatcve
redhatcve
CVE-2023-46589
2023-11-29 09:26:39
cve
cve
CVE-2023-46589
2023-11-28 16:15:06
debiancve
debiancve
CVE-2023-46589
2023-11-28 16:15:06
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0209-1)
2024-01-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0206-1)
2024-01-25 00:00:00
Debian: Security Advisory (DLA-3707-1)
2024-01-12 00:00:00
rocky
rocky
tomcat security update
2024-02-12 20:16:50
ubuntucve
ubuntucve
CVE-2023-46589
2023-11-28 00:00:00
debian
debian
[SECURITY] [DLA 3707-1] tomcat9 security update
2024-01-05 09:40:41
[SECURITY] [DSA 5665-1] tomcat10 security update
2024-04-17 22:03:15
[SECURITY] [DSA 5667-1] tomcat9 security update
2024-04-19 20:06:14
oraclelinux
oraclelinux
tomcat security update
2024-03-07 00:00:00
nvd
nvd
CVE-2023-46589
2023-11-28 16:15:06
prion
prion
Input validation
2023-11-28 16:15:00
github
github
Apache Tomcat Improper Input Validation vulnerability
2023-11-28 18:30:23
veracode
veracode
Request Smuggling
2023-11-29 06:11:28
cgr
cgr
CVE-2023-46589 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20240405-12
2024-04-05 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0215
2024-02-21 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0732
2024-02-29 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0574
2024-02-29 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.1%
Related for ELSA-2024-0539