Jump to letter: [
3ABCDEFGHIJKLMNOPQRSTUVWXYZ
]
tomcat - Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
- Description:
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.
Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.
Packages
tomcat-7.0.76-16.el7_9.noarch
[89 KiB] |
Changelog
by Hui Wang (2020-09-23):
- Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
|
tomcat-7.0.76-15.el7.noarch
[89 KiB] |
Changelog
by Coty Sutherland (2020-07-17):
- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
|
tomcat-7.0.76-12.el7_8.noarch
[88 KiB] |
Changelog
by Coty Sutherland (2020-05-21):
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
|
tomcat-7.0.76-11.el7_7.noarch
[88 KiB] |
Changelog
by Coty Sutherland (2020-03-03):
- Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
|
tomcat-7.0.76-9.el7_6.noarch
[87 KiB] |
Changelog
by Coty Sutherland (2019-02-12):
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
|
tomcat-7.0.76-9.el7.noarch
[88 KiB] |
Changelog
by Coty Sutherland (2019-02-12):
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values
|
tomcat-7.0.76-8.el7_5.noarch
[87 KiB] |
Changelog
by Coty Sutherland (2018-10-01):
- Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
|
tomcat-7.0.76-3.el7_4.noarch
[89 KiB] |
Changelog
by Coty Sutherland (2017-10-12):
- Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision
|