CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
90.5%
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | noarch | tomcat-servlet-4.0-api | < 9.0.62-27.el8_9 | tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat-admin-webapps | < 9.0.62-27.el8_9 | tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat-lib | < 9.0.62-27.el8_9 | tomcat-lib-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat | < 9.0.62-27.el8_9 | tomcat-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat-docs-webapp | < 9.0.62-27.el8_9 | tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat-el-3.0-api | < 9.0.62-27.el8_9 | tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat-jsp-2.3-api | < 9.0.62-27.el8_9 | tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm |
RedHat | 8 | noarch | tomcat-webapps | < 9.0.62-27.el8_9 | tomcat-webapps-9.0.62-27.el8_9.noarch.rpm |