You are here

Apache Releases Security Updates for Apache Tomcat - Updated October 14, 2020

Apache Releases Security Updates for Apache Tomcat - Updated October 14, 2020

Created: Thursday, October 15, 2020 - 09:42
Categories:
Cybersecurity

October 14, 2020

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache Security Advisory for CVE-2020-13943 and upgrade to the appropriate version. Read the advisory at CISA.

July 14, 2020

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the Apache security advisories for CVE-2020-13934 and CVE-2020-13935 and upgrade to the appropriate version. Read the advisory at CISA.

June 29, 2020

Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Palo Alto Security Advisory for CVE-2020-2021 and apply the necessary updates or workarounds. Read the advisory at CISA.

April 15, 2019

The Apache Software Foundation has released Apache Tomcat versions 7.0.94, 8.5.40, and 9.0.19 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review the Apache security advisory for CVE-2019-0232 and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

October 31, 2018

The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information. The NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11759 and apply the necessary update or mitigation. NCCIC/US-CERT.

October 4, 2018

The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11784. NCCIC/US-CERT.

July 23, 2018

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review the Apache security advisories for CVE-2018-8037 and CVE-2018-1336 and apply the necessary updates. NCCIC/US-CERT.

September 19, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. US-CERT encourages users and administrators to review the Apache advisories for CVE-2017-12615 and CVE-2017-12616 for more information and apply the necessary updates. US-CERT.