It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418)
It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libservlet3.1-java", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "libservlet3.1-java-doc", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "libtomcat8-java", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-admin", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-common", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-docs", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-examples", "binary_version": "8.0.32-1ubuntu1.11" }, { "binary_name": "tomcat8-user", "binary_version": "8.0.32-1ubuntu1.11" } ] }