[Git][security-tracker-team/security-tracker][master] Add CVE-2023-41080/tomcat
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 26 10:44:45 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec113999 by Salvatore Bonaccorso at 2023-08-26T11:44:13+02:00
Add CVE-2023-41080/tomcat
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,13 @@ CVE-2023-4524
CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote attacker ...)
NOT-FOR-US: Array AG OS
CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
- TODO: check
+ - tomcat10 <unfixed>
+ - tomcat9 9.0.70-2
+ - tomcat8 <removed>
+ NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
+ NOTE: https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27 (10.1.13)
+ NOTE: https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b (9.0.80)
+ NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal vulne ...)
TODO: check
CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec113999472c98049bc80e27c83413336b1bf48a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec113999472c98049bc80e27c83413336b1bf48a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230826/929c2c71/attachment.htm>
More information about the debian-security-tracker-commits
mailing list