First published: Tue Jun 11 2024(Updated: )
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.<br>Security Fix(es):<br><li> Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)</li> <li> Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)</li> Bug Fix(es):<br><li> Rebase tomcat to version 9.0.87 (JIRA:RHEL-34811)</li> <li> Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly (JIRA:RHEL-37865)</li>
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | ||
Red Hat Red Hat Enterprise Linux Server - TUS | ||
Red Hat Red Hat Enterprise Linux for ARM 64 - Extended Update Support | ||
Red Hat Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | ||
Red Hat Red Hat Enterprise Linux for x86_64 - Extended Update Support | ||
Red Hat Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | ||
Red Hat Red Hat Enterprise Linux for Power, little endian - Extended Update Support | ||
redhat/tomcat | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
redhat/tomcat | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
redhat/tomcat-admin-webapps | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
redhat/tomcat-docs-webapp | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
redhat/tomcat-el | <3.0-api-9.0.87-1.el8_8.2 | 3.0-api-9.0.87-1.el8_8.2 |
redhat/tomcat-jsp | <2.3-api-9.0.87-1.el8_8.2 | 2.3-api-9.0.87-1.el8_8.2 |
redhat/tomcat-lib | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
redhat/tomcat-servlet | <4.0-api-9.0.87-1.el8_8.2 | 4.0-api-9.0.87-1.el8_8.2 |
redhat/tomcat-webapps | <9.0.87-1.el8_8.2 | 9.0.87-1.el8_8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.