Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Apache Tomcat security update

Number: AV18-121
Date: 24 July 2018

Purpose

The purpose of this advisory is to bring attention to critical security updates released for Apache Tomcat.

Assessment

Apache has released critical security updates to address vulnerabilities in their Tomcat product.

Versions affected: 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

CVE References: CVE-2018-1336, CVE-2018-8037, CVE-2018-8034

Suggested action

CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.

References

https://lists.apache.org/list.html?dev@tomcat.apache.org

http://tomcat.apache.org/security-9.html

Date modified: