RHSA-2016:2046

Description

Red Hat Security Advisory: tomcat security update

CVSS Metrics

• v3.0•HIGH•Score: 8.1CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•tomcat

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-admin-webapps

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-docs-webapp

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-el-2.2-api

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-javadoc

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-jsp-2.2-api

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-jsvc

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-lib

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-servlet-3.0-api

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

• redhat•tomcat-webapps

  < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2 | < 0:7.0.54-8.el7_2

References (29)

• https://access.redhat.com/errata/RHSA-2016:2046
• https://access.redhat.com/security/updates/classification/#important
• https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59
• https://bugzilla.redhat.com/show_bug.cgi?id=1222573
• https://bugzilla.redhat.com/show_bug.cgi?id=1311085
• https://bugzilla.redhat.com/show_bug.cgi?id=1353809
• https://bugzilla.redhat.com/show_bug.cgi?id=1362545
• https://bugzilla.redhat.com/show_bug.cgi?id=1367447
• https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2046.json
• https://access.redhat.com/security/cve/CVE-2014-7810
• https://www.cve.org/CVERecord?id=CVE-2014-7810
• https://nvd.nist.gov/vuln/detail/CVE-2014-7810
• http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59
• http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17
• https://access.redhat.com/security/cve/CVE-2015-5346
• https://www.cve.org/CVERecord?id=CVE-2015-5346
• https://nvd.nist.gov/vuln/detail/CVE-2015-5346
• http://seclists.org/bugtraq/2016/Feb/143
• https://access.redhat.com/security/cve/CVE-2016-5388
• https://www.cve.org/CVERecord?id=CVE-2016-5388
• https://nvd.nist.gov/vuln/detail/CVE-2016-5388
• https://access.redhat.com/security/cve/CVE-2016-5425
• https://www.cve.org/CVERecord?id=CVE-2016-5425
• https://nvd.nist.gov/vuln/detail/CVE-2016-5425
• http://legalhackers.com/advisories/Tomcat-RedHat-based-Root-Privilege-Escalation-Exploit.txt
• https://access.redhat.com/security/cve/CVE-2016-6325
• https://www.cve.org/CVERecord?id=CVE-2016-6325
• https://nvd.nist.gov/vuln/detail/CVE-2016-6325