ALSA-2024:0125
- Source
- https://errata.almalinux.org/8/ALSA-2024-0125.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0125.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2024:0125
- Related
- Published
- 2024-01-10T00:00:00Z
- Modified
- 2024-01-16T16:57:24Z
- Summary
- Moderate: tomcat security update
- Details
-
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
- tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2024:0125
- https://access.redhat.com/security/cve/CVE-2023-41080
- https://access.redhat.com/security/cve/CVE-2023-42794
- https://access.redhat.com/security/cve/CVE-2023-42795
- https://access.redhat.com/security/cve/CVE-2023-45648
- https://bugzilla.redhat.com/2235370
- https://bugzilla.redhat.com/2243749
- https://bugzilla.redhat.com/2243751
- https://bugzilla.redhat.com/2243752
- https://errata.almalinux.org/8/ALSA-2024-0125.html
Affected packages
AlmaLinux:8 / tomcat
Package
- Name
- tomcat
AlmaLinux:8 / tomcat-admin-webapps
Package
- Name
- tomcat-admin-webapps
AlmaLinux:8 / tomcat-docs-webapp
Package
- Name
- tomcat-docs-webapp
AlmaLinux:8 / tomcat-el-3.0-api
Package
- Name
- tomcat-el-3.0-api
AlmaLinux:8 / tomcat-jsp-2.3-api
Package
- Name
- tomcat-jsp-2.3-api
AlmaLinux:8 / tomcat-lib
Package
- Name
- tomcat-lib
AlmaLinux:8 / tomcat-servlet-4.0-api
Package
- Name
- tomcat-servlet-4.0-api