CLSA-2023-1686586528

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2023-1686586528
Upstream
Published
2023-06-12T16:15:33Z
Modified
2026-06-04T09:46:51.326408342Z
Summary
Fix CVE(s): CVE-2020-1938, CVE-2022-42252
Details
  • SECURITY UPDATE: Apache Tomcat request smuggling
    • debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected.
    • CVE-2022-42252
  • SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
    • debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address.
    • CVE-2020-1938
References

Affected packages

TuxCare:Ubuntu:18.04
libtomcat8-embed-java

Package

Name
libtomcat8-embed-java
Purl
pkg:deb/tuxcare/libtomcat8-embed-java?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
libtomcat8-java

Package

Name
libtomcat8-java
Purl
pkg:deb/tuxcare/libtomcat8-java?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
tomcat8

Package

Name
tomcat8
Purl
pkg:deb/tuxcare/tomcat8?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
tomcat8-admin

Package

Name
tomcat8-admin
Purl
pkg:deb/tuxcare/tomcat8-admin?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
tomcat8-common

Package

Name
tomcat8-common
Purl
pkg:deb/tuxcare/tomcat8-common?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
tomcat8-docs

Package

Name
tomcat8-docs
Purl
pkg:deb/tuxcare/tomcat8-docs?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
tomcat8-examples

Package

Name
tomcat8-examples
Purl
pkg:deb/tuxcare/tomcat8-examples?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"
tomcat8-user

Package

Name
tomcat8-user
Purl
pkg:deb/tuxcare/tomcat8-user?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586528.json"