Synopsis: Important: tomcat security update
Advisory ID: SLSA-2017:1809-1
Issue Date: 2017-07-27
CVE Numbers: CVE-2017-5648
CVE-2017-5664
—
Security Fix(es):
* A vulnerability was discovered in the error page mechanism in Tomcat’s
DefaultServlet implementation. A crafted HTTP request could cause
undesired side effects, possibly including the removal or replacement of
the custom error page. (CVE-2017-5664)
* A vulnerability was discovered in Tomcat. When running an untrusted
application under a SecurityManager it was possible, under some
circumstances, for that application to retain references to the request or
response objects and thereby access and/or modify information associated
with another web application. (CVE-2017-5648)
—
SL7
noarch
tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
tomcat-7.0.69-12.el7_3.noarch.rpm
tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
tomcat-lib-7.0.69-12.el7_3.noarch.rpm
tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
– Scientific Linux Development Team
