{"affected":[{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.53-10.43.1","tomcat-admin-webapps":"8.0.53-10.43.1","tomcat-docs-webapp":"8.0.53-10.43.1","tomcat-el-3_0-api":"8.0.53-10.43.1","tomcat-javadoc":"8.0.53-10.43.1","tomcat-jsp-2_3-api":"8.0.53-10.43.1","tomcat-lib":"8.0.53-10.43.1","tomcat-servlet-3_1-api":"8.0.53-10.43.1","tomcat-webapps":"8.0.53-10.43.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.53-10.43.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.53-10.43.1","tomcat-admin-webapps":"8.0.53-10.43.1","tomcat-docs-webapp":"8.0.53-10.43.1","tomcat-el-3_0-api":"8.0.53-10.43.1","tomcat-javadoc":"8.0.53-10.43.1","tomcat-jsp-2_3-api":"8.0.53-10.43.1","tomcat-lib":"8.0.53-10.43.1","tomcat-servlet-3_1-api":"8.0.53-10.43.1","tomcat-webapps":"8.0.53-10.43.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1-LTSS","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.53-10.43.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tomcat fixes the following issues:\n\nCVE-2020-9484 (bsc#1171928)\nApache Tomcat Remote Code Execution via session persistence\n\nIf an attacker was able to control the contents and name of a file on a\nserver configured to use the PersistenceManager, then the attacker could\nhave triggered a remote code execution via deserialization of the file under\ntheir control.\n\nCVE-2019-12418 (bsc#1159723)\nLocal privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack\n\nWhen Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface.\nThe attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.\n\nCVE-2019-0221 (bsc#1136085)\nThe SSI printenv command echoed user provided data without escaping, which\nmade it vulnerable to XSS.\n\nCVE-2019-17563 (bsc#1159729)\nWhen using FORM authentication there was a narrow window where an attacker could perform a session fixation attack.\n\nCVE-2019-17569 (bsc#1164825)\nInvalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling\nif Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header.\n\n","id":"SUSE-SU-2020:1497-1","modified":"2020-05-28T07:58:11Z","published":"2020-05-28T07:58:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20201497-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1136085"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159723"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159729"},{"type":"REPORT","url":"https://bugzilla.suse.com/1164825"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171928"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-0221"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12418"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17563"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-9484"}],"related":["CVE-2019-0221","CVE-2019-12418","CVE-2019-17563","CVE-2019-17569","CVE-2020-9484"],"summary":"Security update for tomcat","upstream":["CVE-2019-0221","CVE-2019-12418","CVE-2019-17563","CVE-2019-17569","CVE-2020-9484"]}