Number: AV18-121
Date: 24 July 2018
Purpose
The purpose of this advisory is to bring attention to critical security updates released for Apache Tomcat.
Assessment
Apache has released critical security updates to address vulnerabilities in their Tomcat product.
Versions affected: 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
CVE References: CVE-2018-1336, CVE-2018-8037, CVE-2018-8034
Suggested action
CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.