Multiple vulnerabilities in Apache Tomcat

Posted on Posted in Tomcat

Description: Multiple vulnerabilies had been reported for Apache Tomcat recently.

Issues:

  • Application Listener Facade Object Error Lets Remote Users Modify Data on the Target System
  • HTTP Connector Send File Processing Cache Error Lets Remote Users Obtain Potentially Sensitive Information on the Target System
  • Pipelined Request Send File Bug Lets Remote Users Obtain Potentially Sensitive Information on the Target System
  • HTTP/2 GOAWAY Frame Processing Error Lets Remote Users Consume Excessive Resources on the Target System

Affected versions:

  • 7.0.0 - 7.0.75
  • 8.0.0.RC1 - 8.0.41
  • 8.5.0 - 8.5.11
  • 9.0.0.M1 - 9.0.0.M17

Recommended action: Apply the vendor issued fix

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *