Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-24998 (GCVE-0-2023-24998)
Vulnerability from cvelistv5 – Published: 2023-02-20 15:57 – Updated: 2025-11-03 21:47
VLAI
EPSS
Title
Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
Summary
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
Severity
No CVSS data available.
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Commons FileUpload |
Affected:
0 , < 1.5
(semver)
|
|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1
Affected: 10.0.0-M1 , ≤ 10.1.4 (semver) Affected: 9.0.0-M1 , ≤ 9.0.70 (semver) Affected: 8.5.0 , ≤ 8.5.84 (semver) |
Credits
Jakob Ackermann
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:24.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230302-0013/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Commons FileUpload",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "11.0.0-M1"
},
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "10.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.70",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.84",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakob Ackermann"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:06:16.472Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-24998",
"datePublished": "2023-02-20T15:57:07.372Z",
"dateReserved": "2023-02-01T10:32:05.492Z",
"dateUpdated": "2025-11-03T21:47:24.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-24998",
"date": "2026-06-28",
"epss": "0.46836",
"percentile": "0.9868"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0\", \"versionEndExcluding\": \"1.5\", \"matchCriteriaId\": \"7B386378-64A5-417D-9FE8-F25AE7A26459\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"58B413FF-EBC0-4DFA-B507-AA2A3579E349\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\\n\\n\\n\\n\\nNote that, like all of the file upload limits, the\\n new configuration option (FileUploadBase#setFileCountMax) is not\\n enabled by default and must be explicitly configured.\\n\\n\\n\"}]",
"id": "CVE-2023-24998",
"lastModified": "2024-11-21T07:48:54.163",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-02-20T16:15:10.423",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/05/22/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-37\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/05/22/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-37\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230302-0013/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-24998\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-02-20T16:15:10.423\",\"lastModified\":\"2026-06-17T05:40:26.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\\n\\n\\n\\n\\nNote that, like all of the file upload limits, the\\n new configuration option (FileUploadBase#setFileCountMax) is not\\n enabled by default and must be explicitly configured.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Commons FileUpload\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Tomcat\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.0.0-M1\",\"status\":\"affected\"},{\"version\":\"10.0.0-M1\",\"lessThanOrEqual\":\"10.1.4\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0.0-M1\",\"lessThanOrEqual\":\"9.0.70\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"lessThanOrEqual\":\"8.5.84\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.5\",\"matchCriteriaId\":\"7B386378-64A5-417D-9FE8-F25AE7A26459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B413FF-EBC0-4DFA-B507-AA2A3579E349\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/05/22/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-37\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/05/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202305-37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230302-0013/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023_6570
Vulnerability from csaf_redhat - Published: 2023-11-07 08:49 - Updated: 2024-12-06 12:21Summary
Red Hat Security Advisory: tomcat security and bug fix update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
4.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6570",
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2173872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173872"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2184133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184133"
},
{
"category": "external",
"summary": "2189675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189675"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6570.json"
}
],
"title": "Red Hat Security Advisory: tomcat security and bug fix update",
"tracking": {
"current_release_date": "2024-12-06T12:21:38+00:00",
"generator": {
"date": "2024-12-06T12:21:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2023:6570",
"initial_release_date": "2023-11-07T08:49:34+00:00",
"revision_history": [
{
"date": "2023-11-07T08:49:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:49:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T12:21:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.src",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.src",
"product_id": "tomcat-1:9.0.62-37.el9_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product_id": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-37.el9_3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-37.el9_3.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src"
},
"product_reference": "tomcat-1:9.0.62-37.el9_3.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-37.el9_3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-37.el9_3.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6570"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-1:9.0.62-37.el9_3.src",
"AppStream-9.3.0.GA:tomcat-admin-webapps-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-docs-webapp-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-lib-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch",
"AppStream-9.3.0.GA:tomcat-webapps-1:9.0.62-37.el9_3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
RHSA-2023_7065
Vulnerability from csaf_redhat - Published: 2023-11-14 15:32 - Updated: 2024-12-06 12:21Summary
Red Hat Security Advisory: tomcat security and bug fix update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
4.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7065",
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2173874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173874"
},
{
"category": "external",
"summary": "2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "2189676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189676"
},
{
"category": "external",
"summary": "2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7065.json"
}
],
"title": "Red Hat Security Advisory: tomcat security and bug fix update",
"tracking": {
"current_release_date": "2024-12-06T12:21:47+00:00",
"generator": {
"date": "2024-12-06T12:21:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.2"
}
},
"id": "RHSA-2023:7065",
"initial_release_date": "2023-11-14T15:32:23+00:00",
"revision_history": [
{
"date": "2023-11-14T15:32:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-14T15:32:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-06T12:21:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.src",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.src",
"product_id": "tomcat-1:9.0.62-27.el8_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product_id": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.62-27.el8_9?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.62-27.el8_9.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src"
},
"product_reference": "tomcat-1:9.0.62-27.el8_9.src",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-lib-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.62-27.el8_9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.62-27.el8_9.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-28708",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180856"
}
],
"notes": [
{
"category": "description",
"text": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: not including the secure attribute causes information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "RHBZ#2180856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"category": "external",
"summary": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
},
{
"category": "workaround",
"details": "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: not including the secure attribute causes information disclosure"
},
{
"cve": "CVE-2023-28709",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2023-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2210321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Fix for CVE-2023-24998 was incomplete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "RHBZ#2210321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
}
],
"release_date": "2023-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:32:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7065"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-1:9.0.62-27.el8_9.src",
"AppStream-8.9.0.GA:tomcat-admin-webapps-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-docs-webapp-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-el-3.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-jsp-2.3-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-lib-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-servlet-4.0-api-1:9.0.62-27.el8_9.noarch",
"AppStream-8.9.0.GA:tomcat-webapps-1:9.0.62-27.el8_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Fix for CVE-2023-24998 was incomplete"
}
]
}
SUSE-SU-2023:0695-1
Vulnerability from csaf_suse - Published: 2023-03-10 08:39 - Updated: 2023-03-10 08:39Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-695,SUSE-SLE-SERVER-12-SP2-BCL-2023-695
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-695,SUSE-SLE-SERVER-12-SP2-BCL-2023-695",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0695-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0695-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230695-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0695-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014019.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-03-10T08:39:56Z",
"generator": {
"date": "2023-03-10T08:39:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0695-1",
"initial_release_date": "2023-03-10T08:39:56Z",
"revision_history": [
{
"date": "2023-03-10T08:39:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-8.0.53-29.63.1.noarch",
"product_id": "tomcat-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"product_id": "tomcat-admin-webapps-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"product_id": "tomcat-docs-webapp-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"product_id": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-embed-8.0.53-29.63.1.noarch",
"product_id": "tomcat-embed-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-javadoc-8.0.53-29.63.1.noarch",
"product_id": "tomcat-javadoc-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"product_id": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-jsvc-8.0.53-29.63.1.noarch",
"product_id": "tomcat-jsvc-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-lib-8.0.53-29.63.1.noarch",
"product_id": "tomcat-lib-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"product_id": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-8.0.53-29.63.1.noarch",
"product": {
"name": "tomcat-webapps-8.0.53-29.63.1.noarch",
"product_id": "tomcat-webapps-8.0.53-29.63.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.63.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.63.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.63.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.63.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-10T08:39:56Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0696-1
Vulnerability from csaf_suse - Published: 2023-03-10 08:40 - Updated: 2023-03-10 08:40Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-696,SUSE-OpenStack-Cloud-9-2023-696,SUSE-OpenStack-Cloud-Crowbar-9-2023-696,SUSE-SLE-SAP-12-SP4-2023-696,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-696,SUSE-SLE-SERVER-12-SP4-LTSS-2023-696,SUSE-SLE-SERVER-12-SP5-2023-696
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-696,SUSE-OpenStack-Cloud-9-2023-696,SUSE-OpenStack-Cloud-Crowbar-9-2023-696,SUSE-SLE-SAP-12-SP4-2023-696,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-696,SUSE-SLE-SERVER-12-SP4-LTSS-2023-696,SUSE-SLE-SERVER-12-SP5-2023-696",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0696-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0696-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230696-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0696-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014018.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-03-10T08:40:20Z",
"generator": {
"date": "2023-03-10T08:40:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0696-1",
"initial_release_date": "2023-03-10T08:40:20Z",
"revision_history": [
{
"date": "2023-03-10T08:40:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-9.0.36-3.99.1.noarch",
"product_id": "tomcat-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.99.1.noarch",
"product_id": "tomcat-embed-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.99.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch",
"product_id": "tomcat-lib-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.99.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch",
"product_id": "tomcat-webapps-9.0.36-3.99.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-espos:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.99.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.99.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.99.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.99.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-10T08:40:20Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0697-1
Vulnerability from csaf_suse - Published: 2023-03-10 08:41 - Updated: 2023-03-10 08:41Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-697,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-697
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-697,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-697,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-697",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0697-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0697-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230697-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0697-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014017.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-03-10T08:41:01Z",
"generator": {
"date": "2023-03-10T08:41:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0697-1",
"initial_release_date": "2023-03-10T08:41:01Z",
"revision_history": [
{
"date": "2023-03-10T08:41:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-embed-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-lib-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"product_id": "tomcat-webapps-9.0.36-150100.4.87.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-150100.4.87.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:tomcat-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-admin-webapps-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-el-3_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-lib-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-servlet-4_0-api-9.0.36-150100.4.87.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:tomcat-webapps-9.0.36-150100.4.87.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-10T08:41:01Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0730-1
Vulnerability from csaf_suse - Published: 2023-03-14 15:59 - Updated: 2023-03-14 15:59Summary
Security update for jakarta-commons-fileupload
Severity
Important
Notes
Title of the patch: Security update for jakarta-commons-fileupload
Description of the patch: This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-730,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-730,openSUSE-SLE-15.4-2023-730
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jakarta-commons-fileupload",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jakarta-commons-fileupload fixes the following issues:\n\n- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). \n- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-730,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-730,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-730,openSUSE-SLE-15.4-2023-730",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0730-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0730-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230730-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0730-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014040.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 986359",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for jakarta-commons-fileupload",
"tracking": {
"current_release_date": "2023-03-14T15:59:49Z",
"generator": {
"date": "2023-03-14T15:59:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0730-1",
"initial_release_date": "2023-03-14T15:59:49Z",
"revision_history": [
{
"date": "2023-03-14T15:59:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"product_id": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
}
},
{
"category": "product_version",
"name": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch",
"product_id": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3092"
}
],
"notes": [
{
"category": "general",
"text": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3092",
"url": "https://www.suse.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "SUSE Bug 1068865 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/1068865"
},
{
"category": "external",
"summary": "SUSE Bug 986359 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-14T15:59:49Z",
"details": "important"
}
],
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-1.1.1-150000.4.8.1.noarch",
"openSUSE Leap 15.4:jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-14T15:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:0758-1
Vulnerability from csaf_suse - Published: 2023-03-16 10:34 - Updated: 2023-03-16 10:34Summary
Security update for jakarta-commons-fileupload
Severity
Important
Notes
Title of the patch: Security update for jakarta-commons-fileupload
Description of the patch: This update for jakarta-commons-fileupload fixes the following issues:
- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359).
- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-758,SUSE-OpenStack-Cloud-9-2023-758,SUSE-OpenStack-Cloud-Crowbar-9-2023-758,SUSE-SLE-SAP-12-SP4-2023-758,SUSE-SLE-SERVER-12-SP2-BCL-2023-758,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-758,SUSE-SLE-SERVER-12-SP4-LTSS-2023-758,SUSE-SLE-SERVER-12-SP5-2023-758
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jakarta-commons-fileupload",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jakarta-commons-fileupload fixes the following issues:\n\n- CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). \n- CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-758,SUSE-OpenStack-Cloud-9-2023-758,SUSE-OpenStack-Cloud-Crowbar-9-2023-758,SUSE-SLE-SAP-12-SP4-2023-758,SUSE-SLE-SERVER-12-SP2-BCL-2023-758,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-758,SUSE-SLE-SERVER-12-SP4-LTSS-2023-758,SUSE-SLE-SERVER-12-SP5-2023-758",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0758-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0758-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230758-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0758-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014070.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 986359",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for jakarta-commons-fileupload",
"tracking": {
"current_release_date": "2023-03-16T10:34:45Z",
"generator": {
"date": "2023-03-16T10:34:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0758-1",
"initial_release_date": "2023-03-16T10:34:45Z",
"revision_history": [
{
"date": "2023-03-16T10:34:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"product_id": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
}
},
{
"category": "product_version",
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"product": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"product_id": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-espos:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
},
"product_reference": "jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3092"
}
],
"notes": [
{
"category": "general",
"text": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3092",
"url": "https://www.suse.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "SUSE Bug 1068865 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/1068865"
},
{
"category": "external",
"summary": "SUSE Bug 986359 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T10:34:45Z",
"details": "important"
}
],
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-ESPOS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP4-LTSS:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-1.1.1-122.8.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:jakarta-commons-fileupload-javadoc-1.1.1-122.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T10:34:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:1769-1
Vulnerability from csaf_suse - Published: 2023-04-05 09:07 - Updated: 2023-04-05 09:07Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
- CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513).
Patchnames: SUSE-2023-1769,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769,SUSE-Storage-7-2023-1769,SUSE-Storage-7.1-2023-1769,openSUSE-SLE-15.4-2023-1769
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).\n- CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-1769,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769,SUSE-Storage-7-2023-1769,SUSE-Storage-7.1-2023-1769,openSUSE-SLE-15.4-2023-1769",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1769-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:1769-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20231769-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:1769-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-April/028652.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 1209622",
"url": "https://bugzilla.suse.com/1209622"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-04-05T09:07:57Z",
"generator": {
"date": "2023-04-05T09:07:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:1769-1",
"initial_release_date": "2023-04-05T09:07:57Z",
"revision_history": [
{
"date": "2023-04-05T09:07:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-embed-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-embed-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-javadoc-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-jsvc-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-lib-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"product_id": "tomcat-webapps-9.0.43-150200.35.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-embed-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-04-05T09:07:57Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-04-05T09:07:57Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
}
]
}
SUSE-SU-2023:2390-1
Vulnerability from csaf_suse - Published: 2023-06-06 06:27 - Updated: 2023-06-06 06:27Summary
Security update for apache-commons-fileupload
Severity
Important
Notes
Title of the patch: Security update for apache-commons-fileupload
Description of the patch: This update for apache-commons-fileupload fixes the following issues:
Updated to version 1.5:
- CVE-2023-24998: Added a configurable maximum number of files to
upload per request (bsc#1208513).
Patchnames: SUSE-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2390,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2390,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2390,SUSE-Storage-7-2023-2390,SUSE-Storage-7.1-2023-2390,openSUSE-SLE-15.4-2023-2390,openSUSE-SLE-15.5-2023-2390
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache-commons-fileupload",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache-commons-fileupload fixes the following issues:\n\nUpdated to version 1.5:\n- CVE-2023-24998: Added a configurable maximum number of files to\n upload per request (bsc#1208513).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2390,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2390,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2390,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2390,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2390,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2390,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2390,SUSE-Storage-7-2023-2390,SUSE-Storage-7.1-2023-2390,openSUSE-SLE-15.4-2023-2390,openSUSE-SLE-15.5-2023-2390",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2390-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2390-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232390-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2390-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-June/029737.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
}
],
"title": "Security update for apache-commons-fileupload",
"tracking": {
"current_release_date": "2023-06-06T06:27:47Z",
"generator": {
"date": "2023-06-06T06:27:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2390-1",
"initial_release_date": "2023-06-06T06:27:47Z",
"revision_history": [
{
"date": "2023-06-06T06:27:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"product": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"product_id": "apache-commons-fileupload-1.5-150200.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"product": {
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"product_id": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
},
"product_reference": "apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"SUSE Manager Server 4.2:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.4:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-1.5-150200.3.9.1.noarch",
"openSUSE Leap 15.5:apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-06T06:27:47Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
}
]
}
SUSE-SU-2023:2505-1
Vulnerability from csaf_suse - Published: 2023-06-13 15:42 - Updated: 2023-06-13 15:42Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Updated to version 9.0.75:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608).
Patchnames: SUSE-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2505,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2505,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2505,SUSE-Storage-7-2023-2505,SUSE-Storage-7.1-2023-2505,openSUSE-SLE-15.4-2023-2505,openSUSE-SLE-15.5-2023-2505
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
106 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
106 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdated to version 9.0.75:\n- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2505,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2505,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2505,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2505,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2505,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2505,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2505,SUSE-Storage-7-2023-2505,SUSE-Storage-7.1-2023-2505,openSUSE-SLE-15.4-2023-2505,openSUSE-SLE-15.5-2023-2505",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2505-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2505-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232505-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2505-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015174.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208513",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "self",
"summary": "SUSE Bug 1211608",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2023-06-13T15:42:43Z",
"generator": {
"date": "2023-06-13T15:42:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2505-1",
"initial_release_date": "2023-06-13T15:42:43Z",
"revision_history": [
{
"date": "2023-06-13T15:42:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-embed-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-embed-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-javadoc-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-jsvc-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-lib-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"product_id": "tomcat-webapps-9.0.75-150200.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-embed-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-embed-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-lib-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.75-150200.41.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.75-150200.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-13T15:42:43Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Enterprise Storage 7:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-lib-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"SUSE Manager Server 4.2:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.4:tomcat-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-admin-webapps-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-docs-webapp-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-el-3_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-embed-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-javadoc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-jsvc-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-lib-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch",
"openSUSE Leap 15.5:tomcat-webapps-9.0.75-150200.41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-13T15:42:43Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…