RHSA-2024:0474
Advisory lineage Upstream: 4 Downstream: 0
Published: 20 Sept 2024, 14:46
Last modified: 30 May 2026, 10:04
Vulnerability Summary
Overall Risk (default)
low
24/100
CVSS Score
6.1 MEDIUM
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
- 20 Sept 2024, 14:46: Published (vulnerability first disclosed)
- 30 May 2026, 10:04: Last Modified (vulnerability information updated)
Description
Red Hat Security Advisory: tomcat security update
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.1 • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Systems
- redhat • tomcat < 1:9.0.62-37.el9_3.1
- redhat • tomcat-admin-webapps < 1:9.0.62-37.el9_3.1
- redhat • tomcat-docs-webapp < 1:9.0.62-37.el9_3.1
- redhat • tomcat-el-3.0-api < 1:9.0.62-37.el9_3.1
- redhat • tomcat-jsp-2.3-api < 1:9.0.62-37.el9_3.1
- redhat • tomcat-lib < 1:9.0.62-37.el9_3.1
- redhat • tomcat-servlet-4.0-api < 1:9.0.62-37.el9_3.1
- redhat • tomcat-webapps < 1:9.0.62-37.el9_3.1
References (26)
- https://access.redhat.com/errata/RHSA-2024:0474
- https://access.redhat.com/security/updates/classification/#moderate
- https://bugzilla.redhat.com/show_bug.cgi?id=2235370
- https://bugzilla.redhat.com/show_bug.cgi?id=2243749
- https://bugzilla.redhat.com/show_bug.cgi?id=2243751
- https://bugzilla.redhat.com/show_bug.cgi?id=2243752
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0474.json
- https://access.redhat.com/security/cve/CVE-2023-41080
- https://www.cve.org/CVERecord?id=CVE-2023-41080
- https://nvd.nist.gov/vuln/detail/CVE-2023-41080
- https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
- https://access.redhat.com/security/cve/CVE-2023-42794
- https://www.cve.org/CVERecord?id=CVE-2023-42794
- https://nvd.nist.gov/vuln/detail/CVE-2023-42794
- http://www.openwall.com/lists/oss-security/2023/10/10/8
- https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
- https://access.redhat.com/security/cve/CVE-2023-42795
- https://www.cve.org/CVERecord?id=CVE-2023-42795
- https://nvd.nist.gov/vuln/detail/CVE-2023-42795
- http://www.openwall.com/lists/oss-security/2023/10/10/9
- https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
- https://access.redhat.com/security/cve/CVE-2023-45648
- https://www.cve.org/CVERecord?id=CVE-2023-45648
- https://nvd.nist.gov/vuln/detail/CVE-2023-45648
- http://www.openwall.com/lists/oss-security/2023/10/10/10
- https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp