https://bugzilla.redhat.com/show_bug.cgi?id=1311102
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1265698 (CVE-2015-5174), | |1311076 (CVE-2015-5351), | |1311082 (CVE-2016-0714), | |1311087 (CVE-2016-0706), | |1311089 (CVE-2015-5345), | |1311085 (CVE-2015-5346) Summary|CVE-2016-0763 tomcat: |CVE-2015-5174 CVE-2015-5351 |security manager bypass via |CVE-2016-0714 CVE-2016-0706 |setGlobalContext() |CVE-2015-5345 CVE-2015-5346 |[fedora-all] |CVE-2016-0763 tomcat: | |multiple security | |vulnerabilities | |[fedora-all]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1265698 [Bug 1265698] CVE-2015-5174 tomcat: URL Normalization issue https://bugzilla.redhat.com/show_bug.cgi?id=1311076 [Bug 1311076] CVE-2015-5351 tomcat: CSRF token leak https://bugzilla.redhat.com/show_bug.cgi?id=1311082 [Bug 1311082] CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms https://bugzilla.redhat.com/show_bug.cgi?id=1311085 [Bug 1311085] CVE-2015-5346 tomcat: Session fixation https://bugzilla.redhat.com/show_bug.cgi?id=1311087 [Bug 1311087] CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet https://bugzilla.redhat.com/show_bug.cgi?id=1311089 [Bug 1311089] CVE-2015-5345 tomcat: directory disclosure