Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-46589 (GCVE-0-2023-46589)
Vulnerability from cvelistv5 – Published: 2023-11-28 15:31 – Updated: 2025-10-29 12:00
VLAI
EPSS
Title
Apache Tomcat: HTTP request smuggling via malformed trailer headers
Summary
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/0rqq6ktozqc42ro8h… | vendor-advisory |
| https://www.openwall.com/lists/oss-security/2023/… | |
| https://security.netapp.com/advisory/ntap-2023121… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.0-M10
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.15 (semver) Affected: 9.0.0-M1 , ≤ 9.0.82 (semver) Affected: 8.5.0 , ≤ 8.5.95 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
|
| apache | tomcat |
Affected:
11.0.0-m1 , ≤ 11.0.0-m10
(custom)
Affected: 10.1.0-M1 , ≤ 10.1.15 (custom) Affected: 9.0.0-M1 , ≤ 9.0.82 (custom) Affected: 8.5.0 , ≤ 8.5.95 (custom) cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:* |
Credits
Norihito Aimoto (OSSTech Corporation)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tomcat",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "11.0.0-m10",
"status": "affected",
"version": "11.0.0-m1",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.1.15",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0.82",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.5.95",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T16:04:24.661745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T13:49:04.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/11/28/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231214-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M10",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.15",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.82",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.95",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Norihito Aimoto (OSSTech Corporation)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Apache Tomcat.\u003cp\u003eTomcat \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95\u003c/span\u003e did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOlder, EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 11.0.0-M11\u0026nbsp;onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11\u00a0onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T12:00:24.622Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/11/28/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: HTTP request smuggling via malformed trailer headers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-46589",
"datePublished": "2023-11-28T15:31:52.366Z",
"dateReserved": "2023-10-23T08:14:01.046Z",
"dateUpdated": "2025-10-29T12:00:24.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-46589",
"date": "2026-06-05",
"epss": "0.53163",
"percentile": "0.9802"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-46589\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-11-28T16:15:06.943\",\"lastModified\":\"2025-08-07T11:15:28.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\\n\\n\\nOlder, EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M11\u00a0onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M10, desde 10.1.0-M1 hasta 10.1.15, desde 9.0.0-M1 hasta 9.0.82 y desde 8.5.0 hasta 8.5 .95 no analiz\u00f3 correctamente los encabezados de las colas HTTP. Un encabezado de avance que exceda el l\u00edmite de tama\u00f1o del encabezado podr\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\u00faltiples, lo que generar\u00eda la posibilidad de contrabando de solicitudes cuando se encuentre detr\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M11 en adelante, 10.1.16 en adelante, 9.0.83 en adelante o 8.5.96 en adelante, que solucionan el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.96\",\"matchCriteriaId\":\"867B2A31-53D8-4B64-8B39-E80A30218ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.83\",\"matchCriteriaId\":\"D2DE147C-CBD1-456B-BD13-30BD0FDF3AB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.16\",\"matchCriteriaId\":\"7CF88558-277F-4539-9B17-486E2ABE360C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/11/28/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231214-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/11/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/11/28/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231214-0009/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:45:42.297Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-46589\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-11T16:04:24.661745Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-m1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"11.0.0-m10\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.15\"}, {\"status\": \"affected\", \"version\": \"9.0.0-M1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0.82\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.5.95\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-11T16:09:30.657Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: HTTP request smuggling via malformed trailer headers\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Norihito Aimoto (OSSTech Corporation)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-M10\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.15\"}, {\"status\": \"affected\", \"version\": \"9.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.82\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.95\"}, {\"status\": \"unknown\", \"version\": \"3\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/11/28/2\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\\n\\n\\nOlder, EOL versions may also be affected.\\n\\n\\nUsers are recommended to upgrade to version 11.0.0-M11\\u00a0onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation vulnerability in Apache Tomcat.\u003cp\u003eTomcat \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003efrom 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95\u003c/span\u003e did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \\nrequest as multiple requests leading to the possibility of request \\nsmuggling when behind a reverse proxy.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOlder, EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eUsers are recommended to upgrade to version 11.0.0-M11\u0026nbsp;onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T12:00:24.622Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-46589\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-29T12:00:24.622Z\", \"dateReserved\": \"2023-10-23T08:14:01.046Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-11-28T15:31:52.366Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024:1325
Vulnerability from csaf_redhat - Published: 2024-03-18 14:52 - Updated: 2026-05-29 17:49Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.1 release and security update
Severity
Important
Notes
Topic: Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.0.1 serves as a replacement for Red Hat JBoss Web Server 6.0.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)
* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 6.0.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 6.0.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 6.0.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only after all the headers within the request have been processed. This lapse in resetting the stream exposes the system to potential risks, as it allows malicious actors to exploit the delay in stream reset to carry out various attacks, such as header manipulation or resource exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JWS 6.0.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.1 serves as a replacement for Red Hat JBoss Web Server 6.0.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n\n* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1325",
"url": "https://access.redhat.com/errata/RHSA-2024:1325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=6.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=6.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/6.0/html/red_hat_jboss_web_server_6.0_service_pack_1_release_notes",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/6.0/html/red_hat_jboss_web_server_6.0_service_pack_1_release_notes"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2248616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248616"
},
{
"category": "external",
"summary": "2252050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252050"
},
{
"category": "external",
"summary": "2269607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269607"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1325.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.1 release and security update",
"tracking": {
"current_release_date": "2026-05-29T17:49:39+00:00",
"generator": {
"date": "2026-05-29T17:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:1325",
"initial_release_date": "2024-03-18T14:52:39+00:00",
"revision_history": [
{
"date": "2024-03-18T14:52:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-19T15:40:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T17:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JWS 6.0.1",
"product": {
"name": "JWS 6.0.1",
"product_id": "JWS 6.0.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in OpenSSL is categorized as a low severity issue primarily because it requires specific conditions to exploit and doesn\u0027t directly result in a full Denial of Service (DoS). While the excessive time spent in DH key generation or verification could potentially cause delays, the impact is mitigated by the fact that it requires untrusted sources supplying large Q parameter values. Additionally, the OpenSSL SSL/TLS implementation remains unaffected, limiting the scope of potential attacks. Moreover, there are inherent limits on key length, which further restrict the potential for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 6.0.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5678"
},
{
"category": "external",
"summary": "RHBZ#2248616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
},
{
"category": "external",
"summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
},
{
"category": "external",
"summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
},
{
"category": "external",
"summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
},
{
"category": "external",
"summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20231106.txt",
"url": "https://www.openssl.org/news/secadv/20231106.txt"
}
],
"release_date": "2023-10-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T14:52:39+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"JWS 6.0.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1325"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"JWS 6.0.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"JWS 6.0.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 6.0.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T14:52:39+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"JWS 6.0.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1325"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"JWS 6.0.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252050"
}
],
"notes": [
{
"category": "description",
"text": "An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP request smuggling via malformed trailer headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Apache Tomcat is of significant importance due to its potential to exploit HTTP request smuggling, presenting a security risk for web applications utilizing Tomcat. The flaw arises from Tomcat\u0027s improper parsing of HTTP trailer headers, where a specifically crafted header exceeding the size limit could cause Tomcat to treat a single request as multiple ones. This opens the door for attackers to manipulate requests and potentially conduct various malicious activities, such as unauthorized access, data exposure, or other exploits, particularly when Tomcat is deployed behind a reverse proxy. \n\nThe pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 6.0.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "RHBZ#2252050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/11/28/2",
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr",
"url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"
}
],
"release_date": "2023-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T14:52:39+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"JWS 6.0.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1325"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"JWS 6.0.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"JWS 6.0.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: HTTP request smuggling via malformed trailer headers"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269607"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn\u0027t reset immediately. Instead, the reset action occurs only after all the headers within the request have been processed. This lapse in resetting the stream exposes the system to potential risks, as it allows malicious actors to exploit the delay in stream reset to carry out various attacks, such as header manipulation or resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat: HTTP/2 header handling DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability presents an Important severity issue due to its potential to facilitate various forms of attack, particularly in the context of HTTP/2 protocol. By delaying the reset of HTTP/2 streams until after processing all headers, malicious actors can exploit this window to execute header manipulation attacks, leading to potential data exfiltration, injection of malicious content, or server resource exhaustion. Furthermore, the delayed reset prolongs the exposure time of vulnerable systems, increasing the likelihood of successful exploitation.\n\nIn addition, Red Hat Certificate System 10.0 and Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat that is bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. See https://access.redhat.com/security/cve/CVE-2020-13934 for context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JWS 6.0.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "RHBZ#2269607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg",
"url": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg"
}
],
"release_date": "2024-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-18T14:52:39+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"JWS 6.0.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1325"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"JWS 6.0.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"JWS 6.0.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tomcat: HTTP/2 header handling DoS"
}
]
}
RHSA-2024:3354
Vulnerability from csaf_redhat - Published: 2024-05-23 22:45 - Updated: 2026-04-30 13:18Summary
Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
Severity
Important
Notes
Topic: Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Fuse 7.13.0 is released which includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jetty-servlets: jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
* JSON-java: parser confusion leads to OOM (CVE-2023-5072)
* http2-hpack: jetty: hpack header values cause denial of service in http/2 (CVE-2023-36478)
* spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service (CVE-2023-34055)
* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
* activemq: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE (CVE-2022-41678)
* logback: serialization vulnerability in logback receiver (CVE-2023-6378)
* logback: A serialization vulnerability in logback receiver (CVE-2023-6481)
* solr: : Apache Solr: Host environment variables are published via the Metrics API (CVE-2023-50290)
* shiro: path traversal attack may lead to authentication bypass (CVE-2023-46749)
* tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)
* springframework: URL Parsing with Host Validation (CVE-2024-22243)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in ActiveMQ's Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia's HttpRequestHandler, allowing an attacker to exploit the jdk.management.jfr.FlightRecorderMXBeanImpl class in Java 11 or higher. By crafting specific requests, an attacker could inject and execute a webshell, leading to remote code execution. This poses a significant security risk, especially in environments where Jolokia is enabled and not properly secured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Jetty http2-hpack and http3-qpack. If header values exceed the size limit and Huffman is the true`MetaDataBuilder.checkSize`, the multiplication will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.
CWE-149 - Improper Neutralization of Quoting SyntaxAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or authentication.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was discovered in Spring Framework. Under certain conditions, an attacker might be able to trigger an open redirect. This issue can simplify the process of conducting a phishing attack against users of the deployment.
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.13.0
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
108 references
Acknowledgments
System and Software Security Lab in Fudan University
Keke Lian & Haoran Zhao
Motorola Solutions
Sean Pesce
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Fuse 7.13.0 is released which includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jetty-servlets: jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n\n* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* JSON-java: parser confusion leads to OOM (CVE-2023-5072)\n\n* http2-hpack: jetty: hpack header values cause denial of service in http/2 (CVE-2023-36478)\n\n* spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service (CVE-2023-34055)\n\n* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)\n\n* activemq: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE (CVE-2022-41678)\n\n* logback: serialization vulnerability in logback receiver (CVE-2023-6378)\n\n* logback: A serialization vulnerability in logback receiver (CVE-2023-6481)\n\n* solr: : Apache Solr: Host environment variables are published via the Metrics API (CVE-2023-50290)\n\n* shiro: path traversal attack may lead to authentication bypass (CVE-2023-46749)\n\n* tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)\n\n* springframework: URL Parsing with Host Validation (CVE-2024-22243)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3354",
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2243123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243123"
},
{
"category": "external",
"summary": "2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "external",
"summary": "2251917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251917"
},
{
"category": "external",
"summary": "2252050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252050"
},
{
"category": "external",
"summary": "2252185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
},
{
"category": "external",
"summary": "2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "2252956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
},
{
"category": "external",
"summary": "2258132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258132"
},
{
"category": "external",
"summary": "2258134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258134"
},
{
"category": "external",
"summary": "2259204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204"
},
{
"category": "external",
"summary": "2265735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265735"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3354.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update",
"tracking": {
"current_release_date": "2026-04-30T13:18:33+00:00",
"generator": {
"date": "2026-04-30T13:18:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:3354",
"initial_release_date": "2024-05-23T22:45:30+00:00",
"revision_history": [
{
"date": "2024-05-23T22:45:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T22:45:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:18:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.13.0",
"product": {
"name": "Red Hat Fuse 7.13.0",
"product_id": "Red Hat Fuse 7.13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41678",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252185"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in ActiveMQ\u0027s Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia\u0027s HttpRequestHandler, allowing an attacker to exploit the jdk.management.jfr.FlightRecorderMXBeanImpl class in Java 11 or higher. By crafting specific requests, an attacker could inject and execute a webshell, leading to remote code execution. This poses a significant security risk, especially in environments where Jolokia is enabled and not properly secured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered moderate severity due to the requirement of authenticated access to exploit the flaw, significantly reducing the risk to systems that enforce strong authentication controls. While it does allow for remote code execution through Jolokia\u0027s request handling and Java Management Extensions (JMX), the exploitation pathway is complex and relies on specific conditions, such as the presence of Java 11 or higher and misconfigured or permissive Jolokia settings. an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment.Only an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment. In environments where authentication is well-managed and Jolokia is correctly configured or disabled, the likelihood of successful exploitation is reduced, mitigating the overall impact on system security.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41678"
},
{
"category": "external",
"summary": "RHBZ#2252185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678"
}
],
"release_date": "2023-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JSON-java: parser confusion leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability may cause denial of service with a small string input, causing the server to be unresponsive easily, hence the Important impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5072"
},
{
"category": "external",
"summary": "RHBZ#2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/758",
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/771",
"url": "https://github.com/stleary/JSON-java/issues/771"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "No current mitigation is available for this flaw.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JSON-java: parser confusion leads to OOM"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252230"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "RHBZ#2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
}
],
"release_date": "2023-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027) via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: A serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security vulnerability in the logback package is considered of moderate severity due to its potential for facilitating a denial-of-service (DoS) attack. While a DoS attack can disrupt service availability, this vulnerability may not lead to more severe consequences such as unauthorized access or data breaches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6481"
},
{
"category": "external",
"summary": "RHBZ#2252956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: A serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-34055",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251917"
}
],
"notes": [
{
"category": "description",
"text": "In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC or Spring WebFlux\n * org.springframework.boot:spring-boot-actuator\u00a0is on the classpath",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat does not ship any spring integration in the RHEL log4j package, therefore the log4j package is not affected by this issue in Red Hat Enterprise Linux 8 \u0026 9.\n\nRed Hat Single Sign-On provides Spring Boot adapters, but does not provide the affected code and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34055"
},
{
"category": "external",
"summary": "RHBZ#2251917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251917"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34055",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34055"
}
],
"release_date": "2023-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service"
},
{
"cve": "CVE-2023-36478",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243123"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty http2-hpack and http3-qpack. If header values exceed the size limit and Huffman is the true`MetaDataBuilder.checkSize`, the multiplication will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: hpack header values cause denial of service in http/2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires a remote attacker to repeatedly send HTTP requests with HPACK, which could easily impact the server\u0027s performance or make it run out of memory. Hence, this vulnerability received an Important impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36478"
},
{
"category": "external",
"summary": "RHBZ#2243123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243123"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36478",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36478"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/pull/9634",
"url": "https://github.com/eclipse/jetty.project/pull/9634"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16",
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16",
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009",
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "No mitigations are currently available for this vulnerability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: hpack header values cause denial of service in http/2"
},
{
"cve": "CVE-2023-36479",
"cwe": {
"id": "CWE-149",
"name": "Improper Neutralization of Quoting Syntax"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36479"
},
{
"category": "external",
"summary": "RHBZ#2239630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252050"
}
],
"notes": [
{
"category": "description",
"text": "An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP request smuggling via malformed trailer headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Apache Tomcat is of significant importance due to its potential to exploit HTTP request smuggling, presenting a security risk for web applications utilizing Tomcat. The flaw arises from Tomcat\u0027s improper parsing of HTTP trailer headers, where a specifically crafted header exceeding the size limit could cause Tomcat to treat a single request as multiple ones. This opens the door for attackers to manipulate requests and potentially conduct various malicious activities, such as unauthorized access, data exposure, or other exploits, particularly when Tomcat is deployed behind a reverse proxy. \n\nThe pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "RHBZ#2252050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/11/28/2",
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr",
"url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"
}
],
"release_date": "2023-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: HTTP request smuggling via malformed trailer headers"
},
{
"cve": "CVE-2023-46749",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2024-01-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2258134"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: path traversal attack may lead to authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46749"
},
{
"category": "external",
"summary": "RHBZ#2258134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258134"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46749",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46749"
}
],
"release_date": "2024-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by making sure \u0027blockSemicolon\u0027 is enabled.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: path traversal attack may lead to authentication bypass"
},
{
"cve": "CVE-2023-50290",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-01-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2258132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Solr: Host environment variables are published via the Metrics API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-50290"
},
{
"category": "external",
"summary": "RHBZ#2258132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50290"
}
],
"release_date": "2024-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Solr: Host environment variables are published via the Metrics API"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
},
{
"cve": "CVE-2024-21733",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2024-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259204"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability was found in Apache Tomcat. Incomplete POST requests triggered an error response that could contain data from a previous HTTP request. This flaw allows a remote attacker to access files from another user that should be otherwise prevented by limits or authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Leaking of unrelated request bodies in default error page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux remains unaffected as the vulnerable version of Tomcat (e.g., versions 8.5.7 through 8.5.63 and 9.0.0 through 9.0.43) has not been shipped or included.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "RHBZ#2259204",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259204"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21733"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz",
"url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/01/19/2",
"url": "https://www.openwall.com/lists/oss-security/2024/01/19/2"
}
],
"release_date": "2024-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Leaking of unrelated request bodies in default error page"
},
{
"acknowledgments": [
{
"names": [
"Sean Pesce"
],
"organization": "Motorola Solutions"
}
],
"cve": "CVE-2024-22243",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265735"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Spring Framework. Under certain conditions, an attacker might be able to trigger an open redirect. This issue can simplify the process of conducting a phishing attack against users of the deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: URL Parsing with Host Validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The open redirect vulnerability discovered in the Spring Framework poses a moderate severity issue due to its potential to facilitate phishing attacks. While it doesn\u0027t directly lead to data compromise or system takeover, it significantly increases the likelihood of users being misled into visiting malicious websites.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22243"
},
{
"category": "external",
"summary": "RHBZ#2265735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22243",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22243"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22243",
"url": "https://spring.io/security/cve-2024-22243"
}
],
"release_date": "2024-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: URL Parsing with Host Validation"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270158"
}
],
"notes": [
{
"category": "description",
"text": "A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control With Direct Use of AuthenticatedVoter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The AuthenticatedVoter class was deprecated since Spring Security 5.8 is used in favor of the AuthorizationManager class, which is not vulnerable to this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22257"
},
{
"category": "external",
"summary": "RHBZ#2270158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22257",
"url": "https://spring.io/security/cve-2024-22257"
}
],
"release_date": "2024-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security: Broken Access Control With Direct Use of AuthenticatedVoter"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270732"
}
],
"notes": [
{
"category": "description",
"text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28752"
},
{
"category": "external",
"summary": "RHBZ#2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428",
"url": "https://github.com/advisories/GHSA-qmgx-j96g-4428"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T22:45:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.",
"product_ids": [
"Red Hat Fuse 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding"
}
]
}
SSA-784301
Vulnerability from csaf_siemens - Published: 2024-08-13 00:00 - Updated: 2024-08-13 00:00Summary
SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0
Notes
Summary: SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"category": "self",
"summary": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json"
}
],
"title": "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-784301",
"initial_release_date": "2024-08-13T00:00:00Z",
"revision_history": [
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SINEC NMS",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4611",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-4611"
},
{
"cve": "CVE-2023-5868",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \u0027unknown\u0027-type arguments. Handling \u0027unknown\u0027-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5868"
},
{
"cve": "CVE-2023-5869",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5869"
},
{
"cve": "CVE-2023-5870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5870"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6378"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6481"
},
{
"cve": "CVE-2023-31122",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-34050",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-34050"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-42794",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-43622",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-43622"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-45802",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request\u0027s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45802"
},
{
"cve": "CVE-2023-46120",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46120"
},
{
"cve": "CVE-2023-46280",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46280"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-0985",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker\u0027s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker\u0027s materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-36398",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36398"
},
{
"cve": "CVE-2024-41938",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41938"
},
{
"cve": "CVE-2024-41939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41939"
},
{
"cve": "CVE-2024-41940",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41940"
},
{
"cve": "CVE-2024-41941",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109973059/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41941"
}
]
}
SUSE-SU-2024:0206-1
Vulnerability from csaf_suse - Published: 2024-01-24 12:54 - Updated: 2024-01-24 12:54Summary
Security update for tomcat
Severity
Moderate
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Security fixes:
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing. (bsc#1217649)
Other fixes:
- Streamline how patches are handled in the spec file of the package
Patchnames: SUSE-2024-206,SUSE-SLE-SERVER-12-SP5-2024-206
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nSecurity fixes:\n\n - CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing. (bsc#1217649)\n\nOther fixes:\n\n- Streamline how patches are handled in the spec file of the package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-206,SUSE-SLE-SERVER-12-SP5-2024-206",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0206-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0206-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240206-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0206-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017752.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217649",
"url": "https://bugzilla.suse.com/1217649"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2024-01-24T12:54:18Z",
"generator": {
"date": "2024-01-24T12:54:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0206-1",
"initial_release_date": "2024-01-24T12:54:18Z",
"revision_history": [
{
"date": "2024-01-24T12:54:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-9.0.36-3.118.1.noarch",
"product_id": "tomcat-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.118.1.noarch",
"product_id": "tomcat-embed-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.118.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.118.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.118.1.noarch",
"product_id": "tomcat-lib-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.118.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.118.1.noarch",
"product_id": "tomcat-webapps-9.0.36-3.118.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.118.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.118.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.118.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.118.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-01-24T12:54:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
}
]
}
SUSE-SU-2024:0208-1
Vulnerability from csaf_suse - Published: 2024-01-24 12:54 - Updated: 2024-01-24 12:54Summary
Security update for tomcat10
Severity
Moderate
Notes
Title of the patch: Security update for tomcat10
Description of the patch: This update for tomcat10 fixes the following issues:
Updated to Tomcat 10.1.18
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
Patchnames: SUSE-2024-208,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-208,openSUSE-SLE-15.5-2024-208
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-lib-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-embed-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-jsvc-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-lib-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdated to Tomcat 10.1.18\n\n- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)\n\nFind the full release notes at:\n\nhttps://tomcat.apache.org/tomcat-9.0-doc/changelog.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-208,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-208,openSUSE-SLE-15.5-2024-208",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0208-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0208-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240208-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0208-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017751.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217649",
"url": "https://bugzilla.suse.com/1217649"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2024-01-24T12:54:37Z",
"generator": {
"date": "2024-01-24T12:54:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0208-1",
"initial_release_date": "2024-01-24T12:54:37Z",
"revision_history": [
{
"date": "2024-01-24T12:54:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-doc-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-embed-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-jsvc-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-lib-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"product_id": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-lib-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-embed-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-embed-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-jsvc-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-jsvc-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-lib-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-embed-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-jsvc-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-embed-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-jsvc-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-admin-webapps-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-docs-webapp-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-el-5_0-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-embed-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-jsvc-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-lib-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1.noarch",
"openSUSE Leap 15.5:tomcat10-webapps-10.1.18-150200.5.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-01-24T12:54:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
}
]
}
SUSE-SU-2024:0209-1
Vulnerability from csaf_suse - Published: 2024-01-24 12:55 - Updated: 2024-01-24 12:55Summary
Security update for tomcat
Severity
Moderate
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Security fixes:
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing. (bsc#1217649)
Other fixes:
- Streamline how patches are handled in the spec file of the package
Patchnames: SUSE-2024-209,SUSE-SLE-Product-HPC-15-SP1-LTSS-2024-209,SUSE-SLE-Product-SLES-15-SP1-LTSS-2024-209,SUSE-SLE-Product-SLES_SAP-15-SP1-2024-209
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.105.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nSecurity fixes:\n\n - CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing. (bsc#1217649)\n\nOther fixes:\n\n- Streamline how patches are handled in the spec file of the package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-209,SUSE-SLE-Product-HPC-15-SP1-LTSS-2024-209,SUSE-SLE-Product-SLES-15-SP1-LTSS-2024-209,SUSE-SLE-Product-SLES_SAP-15-SP1-2024-209",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0209-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0209-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240209-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0209-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017750.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217649",
"url": "https://bugzilla.suse.com/1217649"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2024-01-24T12:55:05Z",
"generator": {
"date": "2024-01-24T12:55:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0209-1",
"initial_release_date": "2024-01-24T12:55:05Z",
"revision_history": [
{
"date": "2024-01-24T12:55:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-embed-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-lib-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"product_id": "tomcat-webapps-9.0.36-150100.4.105.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.105.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.105.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.105.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.105.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.105.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-01-24T12:55:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
}
]
}
SUSE-SU-2024:0472-1
Vulnerability from csaf_suse - Published: 2024-02-14 14:02 - Updated: 2024-02-14 14:02Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).
- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
The following non-security issues were fixed:
- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
Patchnames: SUSE-2024-472,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472,SUSE-Storage-7.1-2024-472,openSUSE-SLE-15.5-2024-472
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
102 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdated to Tomcat 9.0.85:\n\n- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).\n- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).\n- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).\n- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)\n- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)\n \nThe following non-security issues were fixed:\n\n- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).\n\nFind the full release notes at:\n\nhttps://tomcat.apache.org/tomcat-9.0-doc/changelog.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-472,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472,SUSE-Storage-7.1-2024-472,openSUSE-SLE-15.5-2024-472",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0472-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0472-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240472-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0472-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216118",
"url": "https://bugzilla.suse.com/1216118"
},
{
"category": "self",
"summary": "SUSE Bug 1216119",
"url": "https://bugzilla.suse.com/1216119"
},
{
"category": "self",
"summary": "SUSE Bug 1216120",
"url": "https://bugzilla.suse.com/1216120"
},
{
"category": "self",
"summary": "SUSE Bug 1217402",
"url": "https://bugzilla.suse.com/1217402"
},
{
"category": "self",
"summary": "SUSE Bug 1217649",
"url": "https://bugzilla.suse.com/1217649"
},
{
"category": "self",
"summary": "SUSE Bug 1217768",
"url": "https://bugzilla.suse.com/1217768"
},
{
"category": "self",
"summary": "SUSE Bug 1219208",
"url": "https://bugzilla.suse.com/1219208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42794 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22029/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2024-02-14T14:02:00Z",
"generator": {
"date": "2024-02-14T14:02:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0472-1",
"initial_release_date": "2024-02-14T14:02:00Z",
"revision_history": [
{
"date": "2024-02-14T14:02:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-embed-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-embed-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-javadoc-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-jsvc-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-lib-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"product_id": "tomcat-webapps-9.0.85-150200.57.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-embed-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-lib-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.85-150200.57.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.85-150200.57.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42794"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nOther, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42794",
"url": "https://www.suse.com/security/cve/CVE-2023-42794"
},
{
"category": "external",
"summary": "SUSE Bug 1216120 for CVE-2023-42794",
"url": "https://bugzilla.suse.com/1216120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-42794"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-45648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45648"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45648",
"url": "https://www.suse.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "SUSE Bug 1216118 for CVE-2023-45648",
"url": "https://bugzilla.suse.com/1216118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2023-45648"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-22029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22029"
}
],
"notes": [
{
"category": "general",
"text": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22029",
"url": "https://www.suse.com/security/cve/CVE-2024-22029"
},
{
"category": "external",
"summary": "SUSE Bug 1219208 for CVE-2024-22029",
"url": "https://bugzilla.suse.com/1219208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.85-150200.57.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-14T14:02:00Z",
"details": "important"
}
],
"title": "CVE-2024-22029"
}
]
}
SUSE-SU-2026:1058-1
Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash
(bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
162 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1058-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216182",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "self",
"summary": "SUSE Bug 1243895",
"url": "https://bugzilla.suse.com/1243895"
},
{
"category": "self",
"summary": "SUSE Bug 1246318",
"url": "https://bugzilla.suse.com/1246318"
},
{
"category": "self",
"summary": "SUSE Bug 1246389",
"url": "https://bugzilla.suse.com/1246389"
},
{
"category": "self",
"summary": "SUSE Bug 1258371",
"url": "https://bugzilla.suse.com/1258371"
},
{
"category": "self",
"summary": "SUSE Bug 1258385",
"url": "https://bugzilla.suse.com/1258385"
},
{
"category": "self",
"summary": "SUSE Bug 1259224",
"url": "https://bugzilla.suse.com/1259224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13934 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13935 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13943 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17527 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25329 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23181 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42252 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24549 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52434 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24733/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-03-26T09:46:45Z",
"generator": {
"date": "2026-03-26T09:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1058-1",
"initial_release_date": "2026-03-26T09:46:45Z",
"revision_history": [
{
"date": "2026-03-26T09:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-9.0.115-3.160.1.noarch",
"product_id": "tomcat-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13934"
}
],
"notes": [
{
"category": "general",
"text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13934",
"url": "https://www.suse.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "SUSE Bug 1174121 for CVE-2020-13934",
"url": "https://bugzilla.suse.com/1174121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13935"
}
],
"notes": [
{
"category": "general",
"text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13935",
"url": "https://www.suse.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "SUSE Bug 1174117 for CVE-2020-13935",
"url": "https://bugzilla.suse.com/1174117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13943"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13943",
"url": "https://www.suse.com/security/cve/CVE-2020-13943"
},
{
"category": "external",
"summary": "SUSE Bug 1177582 for CVE-2020-13943",
"url": "https://bugzilla.suse.com/1177582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-17527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17527"
}
],
"notes": [
{
"category": "general",
"text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17527",
"url": "https://www.suse.com/security/cve/CVE-2020-17527"
},
{
"category": "external",
"summary": "SUSE Bug 1179602 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1179602"
},
{
"category": "external",
"summary": "SUSE Bug 1180830 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1180830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-17527"
},
{
"cve": "CVE-2021-24122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24122"
}
],
"notes": [
{
"category": "general",
"text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24122",
"url": "https://www.suse.com/security/cve/CVE-2021-24122"
},
{
"category": "external",
"summary": "SUSE Bug 1180947 for CVE-2021-24122",
"url": "https://bugzilla.suse.com/1180947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25122"
}
],
"notes": [
{
"category": "general",
"text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25122",
"url": "https://www.suse.com/security/cve/CVE-2021-25122"
},
{
"category": "external",
"summary": "SUSE Bug 1182912 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1182912"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25329"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25329",
"url": "https://www.suse.com/security/cve/CVE-2021-25329"
},
{
"category": "external",
"summary": "SUSE Bug 1182909 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1182909"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30640",
"url": "https://www.suse.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "SUSE Bug 1188279 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1188279"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33037"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33037",
"url": "https://www.suse.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "SUSE Bug 1188278 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1188278"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41079"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41079",
"url": "https://www.suse.com/security/cve/CVE-2021-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1190558 for CVE-2021-41079",
"url": "https://bugzilla.suse.com/1190558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-43980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43980"
}
],
"notes": [
{
"category": "general",
"text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43980",
"url": "https://www.suse.com/security/cve/CVE-2021-43980"
},
{
"category": "external",
"summary": "SUSE Bug 1203868 for CVE-2021-43980",
"url": "https://bugzilla.suse.com/1203868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-23181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23181"
}
],
"notes": [
{
"category": "general",
"text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23181",
"url": "https://www.suse.com/security/cve/CVE-2022-23181"
},
{
"category": "external",
"summary": "SUSE Bug 1195255 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1195255"
},
{
"category": "external",
"summary": "SUSE Bug 1196395 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1196395"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-42252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42252"
}
],
"notes": [
{
"category": "general",
"text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42252",
"url": "https://www.suse.com/security/cve/CVE-2022-42252"
},
{
"category": "external",
"summary": "SUSE Bug 1204918 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1204918"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45468"
}
],
"notes": [
{
"category": "general",
"text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45468",
"url": "https://www.suse.com/security/cve/CVE-2023-45468"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2023-45468",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-45468"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21733"
}
],
"notes": [
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21733",
"url": "https://www.suse.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1219023 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1219023"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-21733"
},
{
"cve": "CVE-2024-23672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23672"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23672",
"url": "https://www.suse.com/security/cve/CVE-2024-23672"
},
{
"category": "external",
"summary": "SUSE Bug 1221385 for CVE-2024-23672",
"url": "https://bugzilla.suse.com/1221385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24549"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24549",
"url": "https://www.suse.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "SUSE Bug 1221386 for CVE-2024-24549",
"url": "https://bugzilla.suse.com/1221386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-34750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34750"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34750",
"url": "https://www.suse.com/security/cve/CVE-2024-34750"
},
{
"category": "external",
"summary": "SUSE Bug 1227399 for CVE-2024-34750",
"url": "https://bugzilla.suse.com/1227399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38286"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38286",
"url": "https://www.suse.com/security/cve/CVE-2024-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1230986 for CVE-2024-38286",
"url": "https://bugzilla.suse.com/1230986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52316"
}
],
"notes": [
{
"category": "general",
"text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52316",
"url": "https://www.suse.com/security/cve/CVE-2024-52316"
},
{
"category": "external",
"summary": "SUSE Bug 1233434 for CVE-2024-52316",
"url": "https://bugzilla.suse.com/1233434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "critical"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2025-24813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24813"
}
],
"notes": [
{
"category": "general",
"text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat\u0027s file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24813",
"url": "https://www.suse.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "SUSE Bug 1239302 for CVE-2025-24813",
"url": "https://bugzilla.suse.com/1239302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46701"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46701",
"url": "https://www.suse.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "SUSE Bug 1243815 for CVE-2025-46701",
"url": "https://bugzilla.suse.com/1243815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-48988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48988"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48988",
"url": "https://www.suse.com/security/cve/CVE-2025-48988"
},
{
"category": "external",
"summary": "SUSE Bug 1244656 for CVE-2025-48988",
"url": "https://bugzilla.suse.com/1244656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48988"
},
{
"cve": "CVE-2025-48989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48989"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48989",
"url": "https://www.suse.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1243895 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49125"
}
],
"notes": [
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49125",
"url": "https://www.suse.com/security/cve/CVE-2025-49125"
},
{
"category": "external",
"summary": "SUSE Bug 1244649 for CVE-2025-49125",
"url": "https://bugzilla.suse.com/1244649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-49125"
},
{
"cve": "CVE-2025-52434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52434"
}
],
"notes": [
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52434",
"url": "https://www.suse.com/security/cve/CVE-2025-52434"
},
{
"category": "external",
"summary": "SUSE Bug 1246389 for CVE-2025-52434",
"url": "https://bugzilla.suse.com/1246389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52520"
}
],
"notes": [
{
"category": "general",
"text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52520",
"url": "https://www.suse.com/security/cve/CVE-2025-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1246388 for CVE-2025-52520",
"url": "https://bugzilla.suse.com/1246388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53506"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53506",
"url": "https://www.suse.com/security/cve/CVE-2025-53506"
},
{
"category": "external",
"summary": "SUSE Bug 1246318 for CVE-2025-53506",
"url": "https://bugzilla.suse.com/1246318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66614"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66614",
"url": "https://www.suse.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "SUSE Bug 1258371 for CVE-2025-66614",
"url": "https://bugzilla.suse.com/1258371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2026-24733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24733"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24733",
"url": "https://www.suse.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "SUSE Bug 1258385 for CVE-2026-24733",
"url": "https://bugzilla.suse.com/1258385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2026-24733"
}
]
}
WID-SEC-W-2023-3020
Vulnerability from csaf_certbund - Published: 2023-11-28 23:00 - Updated: 2026-03-26 23:00Summary
Apache Tomcat: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker Server <19.9.0.6
Dell / NetWorker
|
Server <19.9.0.6 | ||
|
Apache Tomcat <11.0.0-M11
Apache / Tomcat
|
<11.0.0-M11 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Atlassian Confluence <8.8.0
Atlassian / Confluence
|
<8.8.0 | ||
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
IBM Power Hardware Management Console
IBM
|
cpe:/a:ibm:hardware_management_console:v10
|
— | |
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Jira <9.4.15
Atlassian / Jira Software
|
<9.4.15 | ||
|
Atlassian Jira <9.12.2
Atlassian / Jira Software
|
<9.12.2 | ||
|
Atlassian Confluence <8.5.5
Atlassian / Confluence
|
<8.5.5 | ||
|
Apache Tomcat <10.1.16
Apache / Tomcat
|
<10.1.16 | ||
|
Atlassian Confluence <8.7.2
Atlassian / Confluence
|
<8.7.2 | ||
|
Apache Tomcat <8.5.96
Apache / Tomcat
|
<8.5.96 | ||
|
IBM Integration Bus 10.1-10.1.0.2
IBM / Integration Bus
|
cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2
|
10.1-10.1.0.2 | |
|
Atlassian Confluence <7.19.18
Atlassian / Confluence
|
<7.19.18 | ||
|
Apache Tomcat <9.0.83
Apache / Tomcat
|
<9.0.83 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
References
41 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3020 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3020.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3020 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3020"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2023-11-28",
"url": "https://github.com/advisories/GHSA-fccv-jmmp-qg76"
},
{
"category": "external",
"summary": "Apache Mailing List vom 2023-11-28",
"url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7099297 vom 2023-12-18",
"url": "https://www.ibm.com/support/pages/node/7099297"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7105133 vom 2024-01-05",
"url": "http://www.ibm.com/support/pages/node/7105133"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3707 vom 2024-01-05",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7107754 vom 2024-01-16",
"url": "https://www.ibm.com/support/pages/node/7107754"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1909 vom 2024-01-23",
"url": "https://alas.aws.amazon.com/ALAS-2024-1909.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0206-1 vom 2024-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017752.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0209-1 vom 2024-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017750.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0208-1 vom 2024-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017751.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0532 vom 2024-01-29",
"url": "https://access.redhat.com/errata/RHSA-2024:0532"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0539 vom 2024-01-29",
"url": "https://access.redhat.com/errata/RHSA-2024:0539"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-107 vom 2024-01-30",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-107/index.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0539 vom 2024-01-30",
"url": "https://linux.oracle.com/errata/ELSA-2024-0539.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:0539 vom 2024-02-12",
"url": "https://errata.build.resf.org/RLSA-2024:0539"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0472-1 vom 2024-02-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7118625 vom 2024-02-19 vom 2024-02-18",
"url": "https://www.ibm.com/support/pages/node/7118625"
},
{
"category": "external",
"summary": "Jira Security Advisory",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25502"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin Februar 2024",
"url": "https://confluence.atlassian.com/security/security-bulletin-february-20-2024-1354501606.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1134 vom 2024-03-05",
"url": "https://access.redhat.com/errata/RHSA-2024:1134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1092 vom 2024-03-05",
"url": "https://access.redhat.com/errata/RHSA-2024:1092"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1134 vom 2024-03-07",
"url": "https://linux.oracle.com/errata/ELSA-2024-1134.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1319 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1319"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1318 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1318"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2024-018 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2024-018.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1325 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1325"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1324 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1324"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5665 vom 2024-04-18",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00074.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5667 vom 2024-04-19",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00076.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7114769 vom 2024-04-30",
"url": "https://www.ibm.com/support/pages/node/7114769"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-208 vom 2024-05-07",
"url": "https://www.dell.com/support/kbdoc/000224800/dsa-2024-="
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24",
"url": "https://access.redhat.com/errata/RHSA-2024:3354"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-248 vom 2024-06-11",
"url": "https://www.dell.com/support/kbdoc/de-de/000225945/dsa-2024-248-security-update-for-dell-networker-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-134 vom 2024-07-02",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-134/index.html"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-09-03",
"url": "https://support.hcltechsw.com/community?id=community_blog\u0026sys_id=4aa57cab1b1412d4534c4159cc4bcb93"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7032-1 vom 2024-09-25",
"url": "https://ubuntu.com/security/notices/USN-7032-1"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1058-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:41:24.191+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-3020",
"initial_release_date": "2023-11-28T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-12-18T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-04T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-01-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-01-15T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-01-24T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-29T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-02-12T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-18T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-02-20T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-07T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Amazon und Red Hat aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.0-M11",
"product": {
"name": "Apache Tomcat \u003c11.0.0-M11",
"product_id": "T031379"
}
},
{
"category": "product_version",
"name": "11.0.0-M11",
"product": {
"name": "Apache Tomcat 11.0.0-M11",
"product_id": "T031379-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.0-m11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.16",
"product": {
"name": "Apache Tomcat \u003c10.1.16",
"product_id": "T031380"
}
},
{
"category": "product_version",
"name": "10.1.16",
"product": {
"name": "Apache Tomcat 10.1.16",
"product_id": "T031380-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.83",
"product": {
"name": "Apache Tomcat \u003c9.0.83",
"product_id": "T031381"
}
},
{
"category": "product_version",
"name": "9.0.83",
"product": {
"name": "Apache Tomcat 9.0.83",
"product_id": "T031381-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.83"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.96",
"product": {
"name": "Apache Tomcat \u003c8.5.96",
"product_id": "T031382"
}
},
{
"category": "product_version",
"name": "8.5.96",
"product": {
"name": "Apache Tomcat 8.5.96",
"product_id": "T031382-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:8.5.96"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.19.18",
"product": {
"name": "Atlassian Confluence \u003c7.19.18",
"product_id": "T032051"
}
},
{
"category": "product_version",
"name": "7.19.18",
"product": {
"name": "Atlassian Confluence 7.19.18",
"product_id": "T032051-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5",
"product": {
"name": "Atlassian Confluence \u003c8.5.5",
"product_id": "T032052"
}
},
{
"category": "product_version",
"name": "8.5.5",
"product": {
"name": "Atlassian Confluence 8.5.5",
"product_id": "T032052-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.7.2",
"product": {
"name": "Atlassian Confluence \u003c8.7.2",
"product_id": "T032053"
}
},
{
"category": "product_version",
"name": "8.7.2",
"product": {
"name": "Atlassian Confluence 8.7.2",
"product_id": "T032053-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.7.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.8.0",
"product": {
"name": "Atlassian Confluence \u003c8.8.0",
"product_id": "T033011"
}
},
{
"category": "product_version",
"name": "8.8.0",
"product": {
"name": "Atlassian Confluence 8.8.0",
"product_id": "T033011-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.8.0"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.15",
"product": {
"name": "Atlassian Jira \u003c9.4.15",
"product_id": "T032975"
}
},
{
"category": "product_version",
"name": "9.4.15",
"product": {
"name": "Atlassian Jira 9.4.15",
"product_id": "T032975-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.4.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.12.2",
"product": {
"name": "Atlassian Jira \u003c9.12.2",
"product_id": "T032976"
}
},
{
"category": "product_version",
"name": "9.12.2",
"product": {
"name": "Atlassian Jira 9.12.2",
"product_id": "T032976-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.12.2"
}
}
}
],
"category": "product_name",
"name": "Jira Software"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c19.9.0.6",
"product": {
"name": "Dell NetWorker Server \u003c19.9.0.6",
"product_id": "T034567"
}
},
{
"category": "product_version",
"name": "Server 19.9.0.6",
"product": {
"name": "Dell NetWorker Server 19.9.0.6",
"product_id": "T034567-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:server__19.9.0.6"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019293",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "10.1-10.1.0.2",
"product": {
"name": "IBM Integration Bus 10.1-10.1.0.2",
"product_id": "T031084",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2"
}
}
}
],
"category": "product_name",
"name": "Integration Bus"
},
{
"category": "product_name",
"name": "IBM Power Hardware Management Console",
"product": {
"name": "IBM Power Hardware Management Console",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T002782",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46589",
"product_status": {
"known_affected": [
"T034567",
"T031379",
"67646",
"T019293",
"T004914",
"T033011",
"T024663",
"398363",
"T025159",
"T023373",
"T002782",
"T050283",
"T032975",
"T032976",
"T032052",
"T031380",
"T032053",
"T031382",
"T031084",
"T032051",
"T031381",
"T032255",
"T052048",
"T017562",
"T032495",
"T022954",
"T021621",
"2951",
"T002207",
"T000126"
]
},
"release_date": "2023-11-28T23:00:00.000+00:00",
"title": "CVE-2023-46589"
}
]
}
WID-SEC-W-2024-0094
Vulnerability from csaf_certbund - Published: 2024-01-15 23:00 - Updated: 2024-01-15 23:00Summary
Atlassian Bamboo: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in Atlassian Bamboo ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Request Smuggling-Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Windows
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im XStream und in der H2-Datenbank. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im XStream und in der H2-Datenbank. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im Codeplex-Codehaus und in den Apache Tomcat-Komponenten aufgrund eines Path Traversal und eines Improper Input Validation Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und einen Request Smuggling Angriff durchzuführen.
Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im Codeplex-Codehaus und in den Apache Tomcat-Komponenten aufgrund eines Path Traversal und eines Improper Input Validation Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und einen Request Smuggling Angriff durchzuführen.
References
11 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Atlassian Bamboo ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Request Smuggling-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0094 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0094.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0094 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0094"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25623"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25622"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25614"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25613"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25612"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25609"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25607"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25606"
},
{
"category": "external",
"summary": "Atlassian Security Advisory vom 2024-01-15",
"url": "https://jira.atlassian.com/browse/BAM-25640"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-01-15T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:03:40.850+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0094",
"initial_release_date": "2024-01-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.4.2",
"product": {
"name": "Atlassian Bamboo \u003c 9.4.2",
"product_id": "T032060",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.4.2"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.6",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.6",
"product_id": "T032061",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.6"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.8",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.8",
"product_id": "T032062",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.8"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.9",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.9",
"product_id": "T032064",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.9"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-\u00dcberlaufs, einer unsachgem\u00e4\u00dfen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-39410",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-\u00dcberlaufs, einer unsachgem\u00e4\u00dfen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2023-39410"
},
{
"cve": "CVE-2023-36478",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-\u00dcberlaufs, einer unsachgem\u00e4\u00dfen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-\u00dcberlaufs, einer unsachgem\u00e4\u00dfen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2017-7957",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-\u00dcberlaufs, einer unsachgem\u00e4\u00dfen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2017-7957"
},
{
"cve": "CVE-2020-26217",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im XStream und in der H2-Datenbank. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2020-26217"
},
{
"cve": "CVE-2018-10054",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im XStream und in der H2-Datenbank. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2018-10054"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im Codeplex-Codehaus und in den Apache Tomcat-Komponenten aufgrund eines Path Traversal und eines Improper Input Validation Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und einen Request Smuggling Angriff durchzuf\u00fchren."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2022-4244",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im Codeplex-Codehaus und in den Apache Tomcat-Komponenten aufgrund eines Path Traversal und eines Improper Input Validation Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und einen Request Smuggling Angriff durchzuf\u00fchren."
}
],
"release_date": "2024-01-15T23:00:00.000+00:00",
"title": "CVE-2022-4244"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…