Security update for tomcat
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481).
- CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unintended exposure of resources (bsc#1082480).
- CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
- Submitted by Matei Albu (malbu)
Fixed bugs
bnc#1082480
VUL-0: CVE-2018-1304: tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
bnc#1082481
VUL-0: CVE-2018-1305: tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
bnc#1078677
VUL-1: CVE-2017-15706: tomcat: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration