tomcat (SL7)

Synopsis: Important: tomcat security and bug fix update
Advisory ID: SLSA-2020:4004-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-17563
CVE-2020-13935

Security Fix(es):

* tomcat: multiple requests with invalid payload length in a WebSocket
frame could lead to DoS (CVE-2020-13935)

* tomcat: session fixation when using FORM authentication (CVE-2019-17563)

SL7
x86_64
tomcat-webapps-7.0.76-15.el7.noarch.rpm
tomcat-7.0.76-15.el7.noarch.rpm
tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm
tomcat-lib-7.0.76-15.el7.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm
tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm
noarch
tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm
tomcat-7.0.76-15.el7.noarch.rpm
tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm
tomcat-docs-webapp-7.0.76-15.el7.noarch.rpm
tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm
tomcat-javadoc-7.0.76-15.el7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm
tomcat-jsvc-7.0.76-15.el7.noarch.rpm
tomcat-lib-7.0.76-15.el7.noarch.rpm
tomcat-webapps-7.0.76-15.el7.noarch.rpm

– Scientific Linux Development Team