tomcat - Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API

License: ASL 2.0
Vendor: Scientific Linux
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.


tomcat-7.0.76-8.el7_5.noarch [87 KiB] Changelog by Coty Sutherland (2018-10-01):
- Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
tomcat-7.0.76-3.el7_4.noarch [89 KiB] Changelog by Coty Sutherland (2017-10-12):
- Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision
tomcat-7.0.76-2.el7.noarch [88 KiB] Changelog by Coty Sutherland (2017-06-08):
- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
tomcat-7.0.69-12.el7_3.noarch [88 KiB] Changelog by Coty Sutherland (2017-06-09):
- Resolves: rhbz#1441487 CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object
- Resolves: rhbz#1441480 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
- Resolves: rhbz#1459746 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
tomcat-7.0.69-11.el7_3.noarch [87 KiB] Changelog by Coty Sutherland (2017-03-28):
- Resolves: rhbz#1413591 CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- Resolves: rhbz#1402662 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
tomcat-7.0.69-10.el7.noarch [87 KiB] Changelog by Coty Sutherland (2016-08-25):
- Related: rhbz#1368122
tomcat-7.0.54-8.el7_2.noarch [84 KiB] Changelog by Coty Sutherland (2016-08-25):
- Resolves: rhbz#1368121
tomcat-7.0.54-2.el7_1.noarch [84 KiB] Changelog by David Knox (2015-03-24):
- Resovles: CVE-2014-0227
tomcat-7.0.54-1.el7.noarch [84 KiB] Changelog by David Knox (2014-09-17):
- Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd 
- artifacts. Rebase on 7.0.54.
tomcat-7.0.42-8.el7_0.noarch [83 KiB] Changelog by David Knox (2014-07-22):
- Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119
tomcat-7.0.42-6.el7_0.noarch [82 KiB] Changelog by David Knox (2014-06-11):
- Resolves: CVE-2014-0099 Fix possible overflow when parsing
- long values from byte array
- Resolves: CVE-2014-0096 Information discloser process XSLT
- files not subject to same constraint running under
- java security manager
- Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
tomcat-7.0.42-5.el7_0.noarch [82 KiB] Changelog by David Knox (2014-04-16):
- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.

