tomcat-9.0.62-5.el8.2
エラータID: AXSA:2023-6527:03
Release date:
Saturday, October 21, 2023 - 09:15
Subject:
tomcat-9.0.62-5.el8.2
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution:
Update packages.
CVEs:
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional Info:
N/A
Download:
SRPMS
- tomcat-9.0.62-5.el8.2.src.rpm
MD5: 30872327c5e1cf7c159afd42eea23dda
SHA-256: 9d8a0f8fdcfff459f6b5102556862f6a9ceacc6d63a31ad1d51b0d2d99eaf978
Size: 14.34 MB
Asianux Server 8 for x86_64
- tomcat-9.0.62-5.el8.2.noarch.rpm
MD5: 095e02fa06a992d13e3400077b78f198
SHA-256: 9fcbf7dd5d5bd25ddec0a5b4044c316bd7d928991a0f13b6d4bb3d14ac83f31e
Size: 90.45 kB - tomcat-admin-webapps-9.0.62-5.el8.2.noarch.rpm
MD5: 8ba0604552097cd2d76d980de067f839
SHA-256: bc08e38c56640773fab8897a1f4c51058ed10569c57c3377afe6c67189721bd8
Size: 72.15 kB - tomcat-docs-webapp-9.0.62-5.el8.2.noarch.rpm
MD5: fff1c3818bb3511722e3d4d7a82c65dc
SHA-256: ae8ef9938570d6e622c9635cb3af4c3de27a971853f1183b30194000a79fea91
Size: 728.32 kB - tomcat-el-3.0-api-9.0.62-5.el8.2.noarch.rpm
MD5: 215ff7d5e7270cacc562cfbf6ee0884e
SHA-256: 115daa4bed3f0bc517cdcf748847ed046898a9ad9fa8b017f15c32302406ce8b
Size: 105.31 kB - tomcat-jsp-2.3-api-9.0.62-5.el8.2.noarch.rpm
MD5: 2027ac3e1efd0827abb059fa913e60d0
SHA-256: 7ece53869156fb07e1a913e0bb73cce1e972cb2f7913734a7f681942b638bd56
Size: 64.19 kB - tomcat-lib-9.0.62-5.el8.2.noarch.rpm
MD5: 34c5a174f052903208be22d73f15f121
SHA-256: 62571b8ffc51231ba69783694b244f2379acc866f18786ff977ce9bf39b5dcb3
Size: 5.90 MB - tomcat-servlet-4.0-api-9.0.62-5.el8.2.noarch.rpm
MD5: 1a431b660279bb2361e05153f8a3f8d2
SHA-256: ac5107a8a7ac2e8bab15dc56a2700477b4ce1e1ef69cfad44548f9a439a741c9
Size: 285.25 kB - tomcat-webapps-9.0.62-5.el8.2.noarch.rpm
MD5: b7bd329035a23ace700433fc09741212
SHA-256: 9b1e811cb4680b22dbeec0d58134d5d5ca0598fb371a71fa1c9975afe43e8a11
Size: 79.56 kB