Apache Tomcat Patches Important Security Vulnerabilities

Apache

Apache Tomcat Patches Important Security Vulnerabilities

Apache HTTP Server, colloquially called Apache is a free and open-source cross-platform web server, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.

Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information.

Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a “pure Java” HTTP web server environment for Java concept to run in.

 

Apache

 

Apache Tomcat — Information Disclosure Vulnerability

 

The more critical flaw (CVE-2018-8037) of all in Apache Tomcat is an information disclosure vulnerability caused due to a bug in the tracking of connection closures which can lead to reuse of user sessions in a new connection.

The vulnerability, marked as important, was reported to the Apache Tomcat Security Team by Dmitry Treskunov on 16 June 2018 and made public on 22 July 2018.

The flaw affects Tomcat versions 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31, and it has been fixed in Tomcat 9.0.10 and 8.5.32.

 

vulnerability

 

Apache Tomcat Server Software Updates (Patches)

 

The vulnerability affects Tomcat versions 7.0.x, 8.0.x, 8.5.x and 9.0.x, and has been addressed in Tomcat versions 9.0.7, 8.5.32, 8.0.52 and 7.0.90.

The Apache Software Foundation also included a security patch in the latest Tomcat versions to address a low severity security constraints bypass bug (CVE-2018-8034), which occurs due to missing of the hostname verification when using TLS with the WebSocket client.

Administrators are strongly recommended to apply the software updates as soon as possible and are advised to allow only trusted users to have network access as well as monitor affected systems.

The Apache Software Foundation says it has not detected any incident of the exploitation of one of these Apache Tomcat vulnerabilities in the wild.

A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

 

remote attacker

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 


Show Buttons
Hide Buttons