VYPR

rpm package

suse/tomcat&distro=SUSE Manager Retail Branch Server 4.0

pkg:rpm/suse/tomcat&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0

Vulnerabilities (3)

  • CVE-2021-25329Mar 1, 2021
    affected < 9.0.36-4.58.1fixed 9.0.36-4.58.1

    The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note tha

  • CVE-2021-25122Mar 1, 2021
    affected < 9.0.36-4.58.1fixed 9.0.36-4.58.1

    When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results

  • CVE-2021-24122Jan 14, 2021
    affected < 9.0.36-4.58.1fixed 9.0.36-4.58.1

    When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpec