First published: Tue Mar 30 2021(Updated: )
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.<br>Security Fix(es):<br><li> tomcat: Session fixation when using FORM authentication (CVE-2019-17563)</li> <li> tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tomcat | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat-admin-webapps | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat-docs-webapp | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat-el | <2.2-api-7.0.76-12.el7_7 | 2.2-api-7.0.76-12.el7_7 |
redhat/tomcat-javadoc | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat-jsp | <2.2-api-7.0.76-12.el7_7 | 2.2-api-7.0.76-12.el7_7 |
redhat/tomcat-jsvc | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat-lib | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
redhat/tomcat-servlet | <3.0-api-7.0.76-12.el7_7 | 3.0-api-7.0.76-12.el7_7 |
redhat/tomcat-webapps | <7.0.76-12.el7_7 | 7.0.76-12.el7_7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.