1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
<< Mandriva | Distributions | Gentoo >>
Community
Support
|
Debian Planet
|
Debian Security Notices
- DSA-5667-1 tomcat9 - security update
Several security vulnerabilities have been discovered in the Tomcatservlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. CVE-2024-24549 Denial of Service due to improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. CVE-2024-23672 Denial of Service via incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. https://security-tracker.debian.org/tracker/DSA-5667-1
- DSA-5665-1 tomcat10 - security update
Several security vulnerabilities have been discovered in the Tomcatservlet and JSP engine. CVE-2023-46589 Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. CVE-2024-24549 Denial of Service due to improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. CVE-2024-23672 Denial of Service via incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.
https://security-tracker.debian.org/tracker/DSA-5665-1
|