Red Hat Security Advisory 2021-3140-01 - This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, bypass, code execution, cross site scripting, denial of service, deserialization, information leakage, man-in-the-middle, memory leak, resource exhaustion, server-side request forgery, remote SQL injection, and traversal vulnerabilities.
7b87634aaeff995c7acbe482688b36f551a706a54a262f6607bd35c528818502
Red Hat Security Advisory 2021-0292-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.3.6 serves as a replacement for Red Hat support for Spring Boot 2.3.4, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
3c53b89283c4d6ed32a97e562755fa31e592b5ddb2776f643ed96c31f31b1ea4
Red Hat Security Advisory 2020-5388-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.11 serves as a replacement for Red Hat support for Spring Boot 2.2.10, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
5a8af553d669a8f417b0e9bf9c65d2e5f4d24d7c4328c679427e9e19869aca54
Red Hat Security Advisory 2020-5170-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
74b7da70962c78e8dd76545177fb793cfdcb13e8c07aa5f8f8e90f76e2db3c89
Red Hat Security Advisory 2020-5173-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
877d8d731340825e057ddcd6cb5ac5470e3f9b0da914cf437032fe420fc294b9
Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
586eca4f5ac4ca20d495e510bd4240f87e2caec95b0525e93efdd8b31a455a34
Debian Linux Security Advisory 4727-1 - Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service.
274e4c80814502db86cc265c09af8e2c5a452a989f7b07f672b7faaeb0c48ce7