Ubuntu Security Notice 3081-2 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.
3033f5f797851ab5b2c70da0510266da
Gentoo Linux Security Advisory 201705-9 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to privilege escalation. Versions less than 8.0.36 are affected.
39dcd471a8d2d370607819953cc70df1
Red Hat Security Advisory 2017-0457-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.
72037ef84e99df951756d0280ca62e3b
Red Hat Security Advisory 2017-0456-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.
4c3f88c9c6f20f34b15d02d8aa8ee2c5
Red Hat Security Advisory 2017-0455-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.
a27e7563c89f4cc7f31db3509fc19ec6
Apache Tomcat versions 8.0.36-2 and below, 7.0.70-2 and below, and 6.0.45+dfsg-1~deb8ul and below suffer from a local root privilege escalation vulnerability.
dcf2beeda84d1c33b8f60d5b10460d33
Ubuntu Security Notice 3081-1 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. This update also reverts a change in behavior introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default.
17f1f2cba06a4ff91bdb32fe6fc539ca
Debian Linux Security Advisory 3669-1 - Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.
5502341a567553656552c379d692dd22