USN-6908-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6908-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6908-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6908-1

Related

CVE-2019-0221
CVE-2020-9484
CVE-2021-25329

Published

2024-07-23T14:03:15.134453Z

Modified

2024-07-23T14:03:15.134453Z

Summary

tomcat vulnerabilities

Details

It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484, CVE-2021-25329)

References

Affected packages

Ubuntu:Pro:14.04:LTS / tomcat7

Package

Name: tomcat7
Purl: pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.16+esm1?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.52-1ubuntu0.16+esm1

Affected versions

7.*

7.0.42-1

7.0.47-1

7.0.50-1

7.0.52-1

7.0.52-1ubuntu0.1

7.0.52-1ubuntu0.3

7.0.52-1ubuntu0.6

7.0.52-1ubuntu0.7

7.0.52-1ubuntu0.8

7.0.52-1ubuntu0.9

7.0.52-1ubuntu0.10

7.0.52-1ubuntu0.11

7.0.52-1ubuntu0.13

7.0.52-1ubuntu0.14

7.0.52-1ubuntu0.15

7.0.52-1ubuntu0.16

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "tomcat7-examples": "7.0.52-1ubuntu0.16+esm1",
            "tomcat7-admin": "7.0.52-1ubuntu0.16+esm1",
            "tomcat7-user": "7.0.52-1ubuntu0.16+esm1",
            "libservlet3.0-java": "7.0.52-1ubuntu0.16+esm1",
            "libservlet3.0-java-doc": "7.0.52-1ubuntu0.16+esm1",
            "libtomcat7-java": "7.0.52-1ubuntu0.16+esm1",
            "tomcat7-docs": "7.0.52-1ubuntu0.16+esm1",
            "tomcat7": "7.0.52-1ubuntu0.16+esm1",
            "tomcat7-common": "7.0.52-1ubuntu0.16+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / tomcat7

Package

Name: tomcat7
Purl: pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.4+esm2?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+esm2

Affected versions

7.*

7.0.64-1

7.0.68-1

7.0.68-1ubuntu0.1

7.0.68-1ubuntu0.3

7.0.68-1ubuntu0.4

7.0.68-1ubuntu0.4+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "tomcat7-examples": "7.0.68-1ubuntu0.4+esm2",
            "tomcat7-admin": "7.0.68-1ubuntu0.4+esm2",
            "tomcat7-user": "7.0.68-1ubuntu0.4+esm2",
            "libservlet3.0-java": "7.0.68-1ubuntu0.4+esm2",
            "libservlet3.0-java-doc": "7.0.68-1ubuntu0.4+esm2",
            "libtomcat7-java": "7.0.68-1ubuntu0.4+esm2",
            "tomcat7-docs": "7.0.68-1ubuntu0.4+esm2",
            "tomcat7": "7.0.68-1ubuntu0.4+esm2",
            "tomcat7-common": "7.0.68-1ubuntu0.4+esm2"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / tomcat7

Package

Name: tomcat7
Purl: pkg:deb/ubuntu/tomcat7@7.0.78-1ubuntu0.1~esm1?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.78-1ubuntu0.1~esm1

Affected versions

7.*

7.0.78-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libservlet3.0-java": "7.0.78-1ubuntu0.1~esm1",
            "libservlet3.0-java-doc": "7.0.78-1ubuntu0.1~esm1"
        }
    ]
}