Vulnerability from csaf_suse
Published
2023-10-19 07:52
Modified
2023-10-19 07:52
Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues:
Tomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377):
- Security issues fixed:
* CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)
* CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182)
- Update to Tomcat 9.0.82:
* Catalina
+ Add: 65770: Provide a lifecycle listener that will
automatically reload TLS configurations a set time before the
certificate is due to expire. This is intended to be used with
third-party tools that regularly renew TLS certificates.
+ Fix: Fix handling of an error reading a context descriptor on
deployment.
+ Fix: Fix rewrite rule qsd (query string discard) being ignored
if qsa was also use, while it should instead take precedence.
+ Fix: 67472: Send fewer CORS-related headers when CORS is not
actually being engaged.
+ Add: Improve handling of failures within recycle() methods.
* Coyote
+ Fix: 67670: Fix regression with HTTP compression after code
refactoring.
+ Fix: 67198: Ensure that the AJP connector attribute
tomcatAuthorization takes precedence over the
tomcatAuthentication attribute when processing an auth_type
attribute received from a proxy server.
+ Fix: 67235: Fix a NullPointerException when an AsyncListener
handles an error with a dispatch rather than a complete.
+ Fix: When an error occurs during asynchronous processing,
ensure that the error handling process is only triggered once
per asynchronous cycle.
+ Fix: Fix logic issue trying to match no argument method in
IntropectionUtil.
+ Fix: Improve thread safety around readNotify and writeNotify
in the NIO2 endpoint.
+ Fix: Avoid rare thread safety issue accessing message digest
map.
+ Fix: Improve statistics collection for upgraded connections
under load.
+ Fix: Align validation of HTTP trailer fields with standard
fields.
+ Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,
CVE-2023-44487)
* jdbc-pool
+ Fix: 67664: Correct a regression in the clean-up of
unnecessary use of fully qualified class names in 9.0.81
that broke the jdbc-pool.
* Jasper
+ Fix: 67080: Improve performance of EL expressions in JSPs that
use implicit objects
- Update to Tomcat 9.0.80 (jsc#PED-6376, jsc#PED-6377):
* Catalina:
+ Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks
+ Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop()
methods.
+ Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with
one or more Connectors to process requests received by those Connectors using virtual threads. This Executor
requires a minimum Java version of Java 21.
+ Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no
more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses
the Valve and the reason if a request fails to obtain the per session Semaphore.
+ Ensure that the default servlet correctly escapes file names in directory listings when using XML output.
+ Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting
in the XSLT.
+ Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock.
+ Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false
as support for the associated HTTP header has been removed from all major browsers.
+ Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information
environment entries.
+ Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping
from a properties file.
+ Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately
crafted to allow it even when allowLinking was set to false.
+ Add utility config file resource lookup on Context to allow looking up resources from the webapp
(prefixed with webapp:) and make the resource lookup API more visible.
+ Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan.
+ Make parsing of ExtendedAccessLogValve patterns more robust.
+ Fix failure trying to persist configuration for an internal credential handler.
+ When serializing a session during the session presistence process, do not log a warning that null Principals are
not serializable.
+ Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections.
+ Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance.
+ The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed
first.
+ If an application or library sets both a non-500 error code and the javax.servlet.error.exception request
attribute, use the provided error code during error page processing rather than assuming an error code of 500.
+ Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and
kB.
* Coyote:
+ Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined
in RFC 7540.
+ Fix not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload.
+ Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather
than reflecting the most recent conversion.
+ Correct certificate logging on start-up so it differentiates between keystore based keys/certificates:
PEM file based keys/certificates and logs the relevant information for each.
+ Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from
the Poller to be missed resuting in a timeout rather than the expected read or write.
+ Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait.
+ Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the
certificateKeystoreFile attribute of an SSLHostConfigCertificate instance.
+ Refactor HTTP/2 implementation to reduce pinning when using virtual threads.
+ Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying
to parse it.
+ Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2.
+ When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2
overhead count to ensure that connections are not prematurely terminated.
+ Correct a race condition that could cause spurious RST messages to be sent after the response had been written to
an HTTP/2 stream.
* WebSocket:
+ Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a
WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid
characters from the base64 alphabet are used.
+ Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown.
+ Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before
the onClose() event had been completed.
+ Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate.
* Web applications:
+ Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks attribute in the configuration
section for the Digest authentication value.
+ Documentation: Expand the security guidance to cover the embedded use case and add notes on the uses made of the
java.io.tmpdir system property.
+ Documentation: Fix a typo in the name of the algorithms
+ Documentation: Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB.
* jdbc-pool:
+ Fix the releaseIdleCounter does not increment when testAllIdle releases them.
+ Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs
while writing.
* Other:
+ Update to Commons Daemon 1.3.4.
+ Improvements to French translations.
+ Update Checkstyle to 10.12.0.
+ Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built
with with OpenSSL 1.1.1u.
+ Include the Windows specific binary distributions in the files uploaded to Maven Central.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Update UnboundID to 6.0.9.
+ Update Checkstyle to 10.12.1.
+ Update BND to 6.4.1.66665:
+ Update JSign to 5.0.
+ Correct properties for JSign dependency.
+ Align documentation for maxParameterCount to match hard-coded defaults.
+ Update NSIS to 3.0.9.
+ Update Checkstyle to 10.12.2.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java
executable contains spaces.
+ Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v.
+ Improvements to Chinese translations.
+ Improvements to French translations.
+ Improvements to Japanese translations
Patchnames
SUSE-2023-4129,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4129,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4129,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4129,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4129,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4129,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4129,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4129,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4129,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4129,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4129,SUSE-Storage-7.1-2023-4129
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tomcat", title: "Title of the patch", }, { category: "description", text: "This update for tomcat fixes the following issues:\n\nTomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377):\n \n- Security issues fixed:\n\n * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)\n * CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182)\n \n- Update to Tomcat 9.0.82:\n \n * Catalina\n \n + Add: 65770: Provide a lifecycle listener that will\n automatically reload TLS configurations a set time before the\n certificate is due to expire. This is intended to be used with\n third-party tools that regularly renew TLS certificates.\n + Fix: Fix handling of an error reading a context descriptor on\n deployment.\n + Fix: Fix rewrite rule qsd (query string discard) being ignored\n if qsa was also use, while it should instead take precedence.\n + Fix: 67472: Send fewer CORS-related headers when CORS is not\n actually being engaged.\n + Add: Improve handling of failures within recycle() methods.\n \n * Coyote\n \n + Fix: 67670: Fix regression with HTTP compression after code\n refactoring.\n + Fix: 67198: Ensure that the AJP connector attribute\n tomcatAuthorization takes precedence over the\n tomcatAuthentication attribute when processing an auth_type\n attribute received from a proxy server.\n + Fix: 67235: Fix a NullPointerException when an AsyncListener\n handles an error with a dispatch rather than a complete.\n + Fix: When an error occurs during asynchronous processing,\n ensure that the error handling process is only triggered once\n per asynchronous cycle.\n + Fix: Fix logic issue trying to match no argument method in\n IntropectionUtil.\n + Fix: Improve thread safety around readNotify and writeNotify\n in the NIO2 endpoint.\n + Fix: Avoid rare thread safety issue accessing message digest\n map.\n + Fix: Improve statistics collection for upgraded connections\n under load.\n + Fix: Align validation of HTTP trailer fields with standard\n fields.\n + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,\n CVE-2023-44487)\n \n * jdbc-pool\n \n + Fix: 67664: Correct a regression in the clean-up of\n unnecessary use of fully qualified class names in 9.0.81\n that broke the jdbc-pool.\n \n * Jasper\n \n + Fix: 67080: Improve performance of EL expressions in JSPs that\n use implicit objects\n \n- Update to Tomcat 9.0.80 (jsc#PED-6376, jsc#PED-6377):\n \n * Catalina:\n \n + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks\n + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop()\n methods.\n + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with\n one or more Connectors to process requests received by those Connectors using virtual threads. This Executor\n requires a minimum Java version of Java 21.\n + Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no\n more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses\n the Valve and the reason if a request fails to obtain the per session Semaphore.\n + Ensure that the default servlet correctly escapes file names in directory listings when using XML output.\n + Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting\n in the XSLT.\n + Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock.\n + Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false\n as support for the associated HTTP header has been removed from all major browsers.\n + Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information\n environment entries.\n + Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping\n from a properties file.\n + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately\n crafted to allow it even when allowLinking was set to false.\n + Add utility config file resource lookup on Context to allow looking up resources from the webapp \n (prefixed with webapp:) and make the resource lookup API more visible.\n + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan.\n + Make parsing of ExtendedAccessLogValve patterns more robust.\n + Fix failure trying to persist configuration for an internal credential handler.\n + When serializing a session during the session presistence process, do not log a warning that null Principals are\n not serializable.\n + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections.\n + Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance.\n + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed\n first.\n + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request\n attribute, use the provided error code during error page processing rather than assuming an error code of 500.\n + Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and\n kB.\n\n * Coyote:\n\n + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined\n in RFC 7540.\n + Fix not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload.\n + Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather\n than reflecting the most recent conversion.\n + Correct certificate logging on start-up so it differentiates between keystore based keys/certificates:\n PEM file based keys/certificates and logs the relevant information for each.\n + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from\n the Poller to be missed resuting in a timeout rather than the expected read or write.\n + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait.\n + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the\n certificateKeystoreFile attribute of an SSLHostConfigCertificate instance.\n + Refactor HTTP/2 implementation to reduce pinning when using virtual threads.\n + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying\n to parse it.\n + Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2.\n + When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2\n overhead count to ensure that connections are not prematurely terminated.\n + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to\n an HTTP/2 stream.\n\n * WebSocket:\n\n + Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a\n WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid\n characters from the base64 alphabet are used.\n + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown.\n + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before \n the onClose() event had been completed.\n + Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate.\n \n * Web applications:\n\n + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks attribute in the configuration\n section for the Digest authentication value.\n + Documentation: Expand the security guidance to cover the embedded use case and add notes on the uses made of the\n java.io.tmpdir system property.\n + Documentation: Fix a typo in the name of the algorithms\n + Documentation: Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB.\n\n * jdbc-pool:\n\n + Fix the releaseIdleCounter does not increment when testAllIdle releases them.\n + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs\n while writing.\n\n * Other:\n\n + Update to Commons Daemon 1.3.4.\n + Improvements to French translations.\n + Update Checkstyle to 10.12.0.\n + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built\n with with OpenSSL 1.1.1u.\n + Include the Windows specific binary distributions in the files uploaded to Maven Central.\n + Improvements to French translations.\n + Improvements to Japanese translations.\n + Update UnboundID to 6.0.9.\n + Update Checkstyle to 10.12.1.\n + Update BND to 6.4.1.66665:\n + Update JSign to 5.0.\n + Correct properties for JSign dependency.\n + Align documentation for maxParameterCount to match hard-coded defaults.\n + Update NSIS to 3.0.9.\n + Update Checkstyle to 10.12.2.\n + Improvements to French translations.\n + Improvements to Japanese translations.\n + Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java\n executable contains spaces.\n + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v.\n + Improvements to Chinese translations.\n + Improvements to French translations.\n + Improvements to Japanese translations\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4129,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4129,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4129,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4129,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4129,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4129,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4129,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4129,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4129,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4129,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4129,SUSE-Storage-7.1-2023-4129", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4129-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4129-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234129-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4129-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016747.html", }, { category: "self", summary: "SUSE Bug 1214666", url: "https://bugzilla.suse.com/1214666", }, { category: "self", summary: "SUSE Bug 1216182", url: "https://bugzilla.suse.com/1216182", }, { category: "self", summary: "SUSE CVE CVE-2023-41080 page", url: "https://www.suse.com/security/cve/CVE-2023-41080/", }, { category: "self", summary: "SUSE CVE CVE-2023-44487 page", url: "https://www.suse.com/security/cve/CVE-2023-44487/", }, ], title: "Security update for tomcat", tracking: { current_release_date: "2023-10-19T07:52:28Z", generator: { date: "2023-10-19T07:52:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4129-1", initial_release_date: "2023-10-19T07:52:28Z", revision_history: [ { date: "2023-10-19T07:52:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tomcat-9.0.82-150200.46.1.noarch", product: { name: "tomcat-9.0.82-150200.46.1.noarch", product_id: "tomcat-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", product: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", product_id: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-docs-webapp-9.0.82-150200.46.1.noarch", product: { name: "tomcat-docs-webapp-9.0.82-150200.46.1.noarch", product_id: "tomcat-docs-webapp-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", product: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", product_id: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-embed-9.0.82-150200.46.1.noarch", product: { name: "tomcat-embed-9.0.82-150200.46.1.noarch", product_id: "tomcat-embed-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-javadoc-9.0.82-150200.46.1.noarch", product: { name: "tomcat-javadoc-9.0.82-150200.46.1.noarch", product_id: "tomcat-javadoc-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", product: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", product_id: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-jsvc-9.0.82-150200.46.1.noarch", product: { name: "tomcat-jsvc-9.0.82-150200.46.1.noarch", product_id: "tomcat-jsvc-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-lib-9.0.82-150200.46.1.noarch", product: { name: "tomcat-lib-9.0.82-150200.46.1.noarch", product_id: "tomcat-lib-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", product: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", product_id: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, }, { category: "product_version", name: "tomcat-webapps-9.0.82-150200.46.1.noarch", product: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch", product_id: "tomcat-webapps-9.0.82-150200.46.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.2", product: { name: "SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.2", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: "cpe:/o:suse:ses:7.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP4", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "tomcat-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-admin-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-lib-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-9.0.82-150200.46.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", }, product_reference: "tomcat-webapps-9.0.82-150200.46.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, ], }, vulnerabilities: [ { cve: "CVE-2023-41080", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-41080", }, ], notes: [ { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-41080", url: "https://www.suse.com/security/cve/CVE-2023-41080", }, { category: "external", summary: "SUSE Bug 1214666 for CVE-2023-41080", url: "https://bugzilla.suse.com/1214666", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-10-19T07:52:28Z", details: "moderate", }, ], title: "CVE-2023-41080", }, { cve: "CVE-2023-44487", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-44487", }, ], notes: [ { category: "general", text: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-44487", url: "https://www.suse.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1216123 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216123", }, { category: "external", summary: "SUSE Bug 1216169 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216169", }, { category: "external", summary: "SUSE Bug 1216171 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216171", }, { category: "external", summary: "SUSE Bug 1216174 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216174", }, { category: "external", summary: "SUSE Bug 1216176 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216176", }, { category: "external", summary: "SUSE Bug 1216181 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216181", }, { category: "external", summary: "SUSE Bug 1216182 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216182", }, { category: "external", summary: "SUSE Bug 1216190 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1.noarch", "SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-10-19T07:52:28Z", details: "important", }, ], title: "CVE-2023-44487", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.