CLSA-2023-1686586672

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2023-1686586672
Upstream
Published
2023-06-12T16:17:57Z
Modified
2026-06-04T09:46:51.524288177Z
Summary
Fix CVE(s): CVE-2020-1938, CVE-2022-42252
Details
  • SECURITY UPDATE: Apache Tomcat request smuggling
    • debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected.
    • CVE-2022-42252
  • SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
    • debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address.
    • CVE-2020-1938
References

Affected packages

TuxCare:Ubuntu:18.04
libtomcat9-embed-java

Package

Name
libtomcat9-embed-java
Purl
pkg:deb/tuxcare/libtomcat9-embed-java?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
libtomcat9-java

Package

Name
libtomcat9-java
Purl
pkg:deb/tuxcare/libtomcat9-java?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
tomcat9

Package

Name
tomcat9
Purl
pkg:deb/tuxcare/tomcat9?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
tomcat9-admin

Package

Name
tomcat9-admin
Purl
pkg:deb/tuxcare/tomcat9-admin?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
tomcat9-common

Package

Name
tomcat9-common
Purl
pkg:deb/tuxcare/tomcat9-common?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
tomcat9-docs

Package

Name
tomcat9-docs
Purl
pkg:deb/tuxcare/tomcat9-docs?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
tomcat9-examples

Package

Name
tomcat9-examples
Purl
pkg:deb/tuxcare/tomcat9-examples?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"
tomcat9-user

Package

Name
tomcat9-user
Purl
pkg:deb/tuxcare/tomcat9-user?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.16-3ubuntu0.18.04.2+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1686586672.json"