system environment/daemons

tomcat - Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API

Website: http://tomcat.apache.org/
License: ASL 2.0
Vendor: Scientific Linux
Description:
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.

Packages

tomcat-7.0.76-16.el7_9.noarch [89 KiB] Changelog by Hui Wang (2020-09-23):
- Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
tomcat-7.0.76-15.el7.noarch [89 KiB] Changelog by Coty Sutherland (2020-07-17):
- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
tomcat-7.0.76-12.el7_8.noarch [88 KiB] Changelog by Coty Sutherland (2020-05-21):
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
tomcat-7.0.76-11.el7_7.noarch [88 KiB] Changelog by Coty Sutherland (2020-03-03):
- Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
tomcat-7.0.76-9.el7_6.noarch [87 KiB] Changelog by Coty Sutherland (2019-02-12):
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
tomcat-7.0.76-9.el7.noarch [88 KiB] Changelog by Coty Sutherland (2019-02-12):
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values

Listing created by Repoview-0.6.6-4.el7