A safety alert issued for Apache Tomcat has obtained an replace from BSI. You can learn the outline of the safety hole together with the newest updates and details about the affected Linux, UNIX and Windows working programs and merchandise right here.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 23, 2024 for the Apache Tomcat safety vulnerability recognized on January 18, 2024. The safety vulnerability impacts Linux, UNIX and Windows working programs and Apache Tomcat merchandise, Amazon Linux 2, Red Hat Enterprise Linux, SUSE Linux, IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3354 (From 24 May 2024). Some helpful assets are listed later on this article.
Apache Tomcat Security Advisory – Risk: Medium
Risk stage: 2 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop programs. The CVSS normal makes it doable to check potential or precise safety dangers primarily based on numerous standards with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporary scores additionally take into consideration modifications over time within the threat state of affairs. The severity of the present vulnerability is assessed as “average” in line with the CVSS with a base rating of seven.5.
Apache Tomcat Bug: Vulnerability Allows Information Disclosure
Apache Tomcat is a cross-platform net software server.
A distant, unknown attacker may exploit a vulnerability in Apache Tomcat to reveal data.
Vulnerabilities have been categorised utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2024-21733.
Systems affected by the safety hole at a look
Operating programs
Linux, UNIX, Windows
Products
Apache Tomcat Apache Tomcat Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
IBM SAN Volume Controller (cpe:/a:ibm:san_volume_controller)
IBM Storwize (cpe:/a:ibm:storwize)
IBM FlashSystem (cpe:/a:ibm:flashsystem)
General steps for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically incorporates extra details about the newest model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to often test the desired sources to see if a brand new safety replace is offered.
Manufacturer details about updates, patches and workarounds
Here one can find some hyperlinks with details about bug experiences, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24 (23.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2707 vom 2024-05-06 (06.05.2024)
For extra data, see:
IBM Security Bulletin 7114769 vom 2024-04-30 (01.05.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0829-1 vom 2024-03-11 (10.03.2024)
For extra data, see:
Amazon Linux Security Advisory ALASTOMCAT8.5-2024-017 vom 2024-02-06 (05.02.2024)
For extra data, see:
Amazon Linux Security Advisory ALASTOMCAT9-2024-011 vom 2024-02-06 (05.02.2024)
For extra data, see:
oss-sec mailing record archives vom 2024-01-18 (18.01.2024)
For extra data, see:
Apache Security Advisory vom 2024-01-18 (18.01.2024)
For extra data, see:
Version historical past of this safety alert
This is model 6 of this IT safety discover for Apache Tomcat. This doc will probably be up to date as extra updates are introduced. You can see the modifications made utilizing the model historical past beneath.
January 18, 2024 – First model
02/05/2024 – New updates from Amazon added
03/10/2024 – New updates from SUSE added
May 1, 2024 – New updates from IBM added
05/06/2024 – New updates from Red Hat have been added
05/23/2024 – New updates from Red Hat have been added
+++ Editorial observe: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here one can find scorching information, present movies and a direct line to the editorial workforce.
kns/roj/information.de