CLSA-2023-1691083477
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2023-1691083477.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2023-1691083477
- Upstream
- Published
- 2023-08-03T17:24:42Z
- Modified
- 2026-06-04T10:03:50.389828724Z
- Summary
- Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484
- Details
-
- SECURITY UPDATE: Remote Code Execution via session persistence
- debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore.
- CVE-2020-9484
- SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete
- debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected.
- debian/patches/CVE-2021-25329.patch: Use java.nio.file.Path for consistent sub-directory checking.
- CVE-2021-25329
- SECURITY UPDATE: Local Privilege Escalation
- debian/patches/CVE-2022-23181.patch: Make calculation of session storage location more robust.
- CVE-2022-23181
- Update the expired test certificates:
- debian/testcerts/.pem|.jks: Take the last test certificates from the upstream branch 8.5.x.
- debian/source/include-binaries: Specifying the binary *.jks files to prevent build failures.
- debian/rules: Before the testing stage, the old certificates in the source code are replaced with the new ones from debian/testcerts.
- SECURITY UPDATE: Remote Code Execution via session persistence
- References