It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418)
It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "libservlet3.1-java" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "libservlet3.1-java-doc" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "libtomcat8-java" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "tomcat8" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "tomcat8-admin" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "tomcat8-common" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "tomcat8-docs" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "tomcat8-examples" }, { "binary_version": "8.0.32-1ubuntu1.11", "binary_name": "tomcat8-user" } ] }