tomcat-9.0.87-1.el9_4.1
Errata ID: AXSA:2024-8150:07
Release date:
2024/06/14 Friday - 15:24
Title:
tomcat-9.0.87-1.el9_4.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
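The following issues have been addressed.
[Security Fix]
- Apache Tomcat does not properly close WebSocket connections because of incomplete cleanup after a connection, which allows a remote attacker to cause a denial of service (resource exhaustion) by having a client keep WebSocket connections open. (CVE-2024-23672)
- When an HTTP/2 request exceeds a per-header limit, Apache Tomcat does not reset the HTTP/2 stream until all of the headers have been processed, which allows a remote attacker to cause a denial of service (resource exhaustion). (CVE-2024-24549)
Solution:
Update the packages.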
CVE:
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
Additional information:
N/A
Downloads:
SRPMS
- tomcat-9.0.87-1.el9_4.1.src.rpm
MD5: eb74f0cd87dd889b4ae6704752b55f80
SHA-256: 82036f420d2797e7c2848483fcaf23a28e42673618f03e13877218f54abaf25a
Size: 15.11 MB
Asianux Server 9 for x86_64
- tomcat-9.0.87-1.el9_4.1.noarch.rpm
MD5: 97c959e22db5afb38df536a57fe9cb2a
SHA-256: ecbd69f909b7aa646d1624bce45f7feb09f38026fbef16cf43f5dc2d6fe7892c
Size: 98.76 kB
- tomcat-admin-webapps-9.0.87-1.el9_4.1.noarch.rpm
MD5: 9ae4cdbf28b2f2d72e72fc72cbf95c8f
SHA-256: 48562650686b55c066d6121699b2d9d1debad94df3f214d1c362406257673b4b
Size: 79.67 kB
- tomcat-docs-webapp-9.0.87-1.el9_4.1.noarch.rpm
MD5: 9829e6af2ed5b3004d0d80a126a0cdbf
SHA-256: 948e1d4f8057086339a25fb76b41cf65bc906e97cfde6f11a9f094e5dfb9c90c
Size: 725.68 kB
- tomcat-el-3.0-api-9.0.87-1.el9_4.1.noarch.rpm
MD5: 5db416ddc20865dce562cce7cf64ee4e
SHA-256: 746d9d6953eb5bd4686ce315920b1d0301d96bcf7eb17665c9aa0fb16a68520a
Size: 105.53 kB
- tomcat-jsp-2.3-api-9.0.87-1.el9_4.1.noarch.rpm
MD5: 067fe9a3e4c66fb663ea95c60217ada1
SHA-256: 0fa78db630c4ce21a0320e7066b46981346568aea569b99e9ea3f720e6ec3337
Size: 72.44 kB
- tomcat-lib-9.0.87-1.el9_4.1.noarch.rpm
MD5: 72fd687341d9e91c8e1e8dfb3e9d1d57
SHA-256: 218630951e95bafc27770920baba673a7b78dfe81284cbdd7ac86d1128dc1f5d
Size: 5.97 MB
- tomcat-servlet-4.0-api-9.0.87-1.el9_4.1.noarch.rpm
MD5: 7ee2811b6ead65f8f5f444f14559517b
SHA-256: 0b814a9666f7624e20f7e4b94e9966ed7d01483424c291fe7199943a5e387b16
Size: 284.51 kB
- tomcat-webapps-9.0.87-1.el9_4.1.noarch.rpm
MD5: f602f719f5084ec28f78ff569f5c73de
SHA-256: 467bcf2458694617081e703d104e8be02c5f924e2e632ca0e1fc0cd23786749e
Size: 80.53 kB