tomcat-7.0.69-10.el7
Errata ID: AXSA:2016-1116:02
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.
Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.
Security issues fixed with this release:
CVE-2015-5174
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat
6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows
remote authenticated users to bypass intended SecurityManager
restrictions and list a parent directory via a /.. (slash dot dot) in
a pathname used by a web application in a getResource,
getResourceAsStream, or getResourcePaths call, as demonstrated by the
$CATALINA_BASE/webapps directory.
CVE-2015-5345
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before
7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects
before considering security constraints and Filters, which allows
remote attackers to determine the existence of a directory via a URL
that lacks a trailing / (slash) character.
CVE-2015-5351
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x
before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish
sessions and send CSRF tokens for arbitrary new requests, which allows
remote attackers to bypass a CSRF protection mechanism by using a
token.
CVE-2016-0706
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31,
and 9.x before 9.0.0.M2 does not place
org.apache.catalina.manager.StatusManagerServlet on the
org/apache/catalina/core/RestrictedServlets.properties list, which
allows remote authenticated users to bypass intended SecurityManager
restrictions and read arbitrary HTTP requests, and consequently
discover session ID values, via a crafted web application.
CVE-2016-0714
The session-persistence implementation in Apache Tomcat 6.x before
6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2
mishandles session attributes, which allows remote authenticated users
to bypass intended SecurityManager restrictions and execute arbitrary
code in a privileged context via a web application that places a
crafted object in a session.
CVE-2016-0763
The setGlobalContext method in
org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat
7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not
consider whether ResourceLinkFactory.setGlobalContext callers are
authorized, which allows remote authenticated users to bypass intended
SecurityManager restrictions and read or write to arbitrary
application data, or cause a denial of service (application
disruption), via a web application that sets a crafted global context.
CVE-2016-3092
The MultipartStream class in Apache Commons Fileupload before 1.3.2,
as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x
before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows
remote attackers to cause a denial of service (CPU consumption) via a
long boundary string.
The following packages have been upgraded to a newer upstream version: tomcat (7.0.69).
Additional Changes:
Update packages.
N/A
SRPMS
- tomcat-7.0.69-10.el7.src.rpm
MD5: 57ce00fd59d6ae3f55924ea4d4403be0
SHA-256: e12950e1df41c5acbe21dd1c88338b6c1c745ccc13fb846933b8558f2c14ea59
Size: 4.56 MB
Asianux Server 7 for x86_64
- tomcat-7.0.69-10.el7.noarch.rpm
MD5: 9ae9f0ecb379d160f6d0a39ea40039e4
SHA-256: 9ca188cc1d6c7fac97dbbef88380175bd6b52edb8357211530e126dc34378323
Size: 87.51 kB
- tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm
MD5: 6b0bf2c343923411fd370ba9fa49f994
SHA-256: 68422071e4a4cf4c9b0fe6d26ee035d9c8c69130460947a10ded2abf75779f86
Size: 39.85 kB
- tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm
MD5: fe03d727dcdeb9d78bb9ea98b19a65c0
SHA-256: 33e771634627ed0ef6fe750639aeb4a909f704027f9a8ce1cbc016cab3afb8bf
Size: 78.07 kB
- tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm
MD5: b9133b243fc2654b507b53ebf18f7a9a
SHA-256: 95952aab0773931587ac2450dd4163c247f7e2862ccf3adcc98cb2ad0c25f2eb
Size: 91.80 kB
- tomcat-lib-7.0.69-10.el7.noarch.rpm
MD5: 3ce51481e3f972c1b3dcba61c317be7b
SHA-256: aa79b621d685aba4ff47ee1fadddd7db2b706293c3b5499324aa161b3ddd4960
Size: 3.82 MB
- tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
MD5: e0d1f8c8e834a1aefe647de1fea19048
SHA-256: 3dc93f0425a024c69cbccdfa7e7a4dbce28aa2f6ff8134fe8172e9ddd62d6a0a
Size: 209.18 kB
- tomcat-webapps-7.0.69-10.el7.noarch.rpm
MD5: 1009d0c9299dc3fa9b4a19fb19b628d7
SHA-256: a6aded6ff5b10fd3aab0f3b4ea384bc3c62373f1a97f43d0db7c5a2fc64e35b7
Size: 355.62 kB
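Before installing the packages listed above, the digests should be checked against the downloaded files. The following script is an added example and not part of the errata or of the Asianux tooling: it parses the "Asianux Server 7 for x86_64" package list exactly as printed in this advisory (the seven noarch RPM names and their MD5 and SHA-256 values are copied from the list), computes the digest of each downloaded RPM and accepts a file only when its SHA-256 matches. MD5 is parsed but not trusted for the decision, since MD5 collisions are practical; the directory path given on the command line and the constructed toy entry used for checking the parser are assumptions, not values from the advisory.

```python
"""Verify downloaded RPMs against the SHA-256 digests of an errata package list."""
import hashlib
import re
import sys
from pathlib import Path

# Package list copied verbatim (one entry per block) from the advisory's
# "Asianux Server 7 for x86_64" section.
ADVISORY_MANIFEST = """\
- tomcat-7.0.69-10.el7.noarch.rpm
MD5: 9ae9f0ecb379d160f6d0a39ea40039e4
SHA-256: 9ca188cc1d6c7fac97dbbef88380175bd6b52edb8357211530e126dc34378323
Size: 87.51 kB
- tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm
MD5: 6b0bf2c343923411fd370ba9fa49f994
SHA-256: 68422071e4a4cf4c9b0fe6d26ee035d9c8c69130460947a10ded2abf75779f86
Size: 39.85 kB
- tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm
MD5: fe03d727dcdeb9d78bb9ea98b19a65c0
SHA-256: 33e771634627ed0ef6fe750639aeb4a909f704027f9a8ce1cbc016cab3afb8bf
Size: 78.07 kB
- tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm
MD5: b9133b243fc2654b507b53ebf18f7a9a
SHA-256: 95952aab0773931587ac2450dd4163c247f7e2862ccf3adcc98cb2ad0c25f2eb
Size: 91.80 kB
- tomcat-lib-7.0.69-10.el7.noarch.rpm
MD5: 3ce51481e3f972c1b3dcba61c317be7b
SHA-256: aa79b621d685aba4ff47ee1fadddd7db2b706293c3b5499324aa161b3ddd4960
Size: 3.82 MB
- tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
MD5: e0d1f8c8e834a1aefe647de1fea19048
SHA-256: 3dc93f0425a024c69cbccdfa7e7a4dbce28aa2f6ff8134fe8172e9ddd62d6a0a
Size: 209.18 kB
- tomcat-webapps-7.0.69-10.el7.noarch.rpm
MD5: 1009d0c9299dc3fa9b4a19fb19b628d7
SHA-256: a6aded6ff5b10fd3aab0f3b4ea384bc3c62373f1a97f43d0db7c5a2fc64e35b7
Size: 355.62 kB
"""

ENTRY_RE = re.compile(r"^- (\S+\.rpm)$")
DIGEST_RE = re.compile(r"^(MD5|SHA-256):\s*([0-9a-fA-F]+)$")


def parse_manifest(text):
    """Return {rpm filename: {"md5": hex, "sha256": hex}} from an errata package list."""
    manifest = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            current = entry.group(1)
            manifest[current] = {}
            continue
        digest = DIGEST_RE.match(line)
        if digest and current is not None:
            key = "md5" if digest.group(1) == "MD5" else "sha256"
            manifest[current][key] = digest.group(2).lower()
    return manifest


def verify_bytes(name, data, manifest):
    """Decide whether the bytes of one package match the advisory entry for `name`.

    Only the SHA-256 value decides the outcome; the MD5 value is kept in the
    manifest for reference but is not a trustworthy integrity check.
    Returns (ok, message).
    """
    entry = manifest.get(name)
    if entry is None:
        return False, f"{name}: not listed in the advisory"
    expected = entry.get("sha256")
    if not expected:
        return False, f"{name}: advisory lists no SHA-256 for this package"
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected:
        return False, f"{name}: SHA-256 mismatch (file {actual}, advisory {expected})"
    return True, f"{name}: SHA-256 matches the advisory"


def verify_file(path, manifest):
    """Verify a single downloaded RPM by its file name and contents."""
    path = Path(path)
    return verify_bytes(path.name, path.read_bytes(), manifest)


def verify_directory(directory, manifest):
    """Verify every *.rpm in a directory; returns [(name, ok, message), ...]."""
    results = []
    for rpm in sorted(Path(directory).glob("*.rpm")):
        ok, message = verify_file(rpm, manifest)
        results.append((rpm.name, ok, message))
    return results


if __name__ == "__main__":
    # Assumed usage: python verify_errata.py /path/to/downloaded/rpms
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    outcome = verify_directory(target, parse_manifest(ADVISORY_MANIFEST))
    for _, ok, message in outcome:
        print(("OK   " if ok else "FAIL ") + message)
    sys.exit(0 if outcome and all(ok for _, ok, _ in outcome) else 1)
```

The script exits non-zero if any RPM in the directory is missing from the list or fails its SHA-256 check, so it can gate an automated `rpm -U` step; a file the advisory does not list is treated as a failure rather than ignored, which catches a stray or renamed package slipped into the download directory.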