tomcat-9.0.62-27.el8_9.3
Errata ID: AXSA:2024-7490:04
Release date:
2024/01/31 Wednesday - 14:47
Title:
tomcat-9.0.62-27.el8_9.3
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
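The following issues have been addressed.
[Security Fix]
- Apache Tomcat contains a flaw in its validation of HTTP trailer
headers that causes a single request to be processed as multiple
requests, resulting in a vulnerability that allows a remote attacker
to carry out HTTP request smuggling attacks. (CVE-2023-46589)
Solution:
Update the packages.
CVE: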
CVE-2023-46589
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
Additional information:
N/A
Download:
SRPMS
- tomcat-9.0.62-27.el8_9.3.src.rpm
MD5: ea70590b894c90589bb73162bfc6b3e3
SHA-256: afdb904d9e0b5883ba6746731fadf232896a76aa2cef87546324102e1d9e26c7
Size: 14.55 MB
Asianux Server 8 for x86_64
- tomcat-9.0.62-27.el8_9.3.noarch.rpm
MD5: cfa2b2e7b613269670fa112814c5daf2
SHA-256: 08fd9a599e61d9de0701491b8bfaae3929c38960322c8f8d326558c343d30c4d
Size: 90.70 kB
- tomcat-admin-webapps-9.0.62-27.el8_9.3.noarch.rpm
MD5: 86b40888468687b8fa014af518331ee4
SHA-256: 4441e0776e358a27f1a6119e043ca03233b79d17599c9610cb679543c0a2c2b1
Size: 72.39 kB
- tomcat-docs-webapp-9.0.62-27.el8_9.3.noarch.rpm
MD5: e5c6cec6b20045e218d881d8383c02bb
SHA-256: acb07fa2b1b5e3783cd3527e5c5acdeac834d21d414d0272e750dded0abcfaf6
Size: 728.71 kB
- tomcat-el-3.0-api-9.0.62-27.el8_9.3.noarch.rpm
MD5: a39ddc204a21987f65e9e0af02039642
SHA-256: a6dcc74a74c7d3990f920621351364aaf14e9376b41ced64a0287d8303e12c68
Size: 105.55 kB
- tomcat-jsp-2.3-api-9.0.62-27.el8_9.3.noarch.rpm
MD5: 92f8ca28a96f120571fc17bb77c9db71
SHA-256: 6480b5b8920a42d01fceb5742338811c2838eb41f73e00e953d86cbde8617433
Size: 64.44 kB
- tomcat-lib-9.0.62-27.el8_9.3.noarch.rpm
MD5: ca496fc90f2dd78f01069d07d6e3dd30
SHA-256: 1a38780f1c734e2fc3c82448402424b5289eb59a5845440fe4c32f1ce616082b
Size: 5.90 MB
- tomcat-servlet-4.0-api-9.0.62-27.el8_9.3.noarch.rpm
MD5: cff794c4dd1f3f1aeda4e1bed94f4af9
SHA-256: 1f7f4f40ca001ae5bafe49c26ab22cb1eda79d6863fbede218cfe418c1d9f59b
Size: 285.49 kB
- tomcat-webapps-9.0.62-27.el8_9.3.noarch.rpm
MD5: a3f8e66ee5daaf2446d45f0defbcb686
SHA-256: dbfb26d1c30f1142f1e08a24fdd3634a2c9dcd0e08aaa70d70375789a8c3e0f4
Size: 79.81 kB