Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

Threat ID:: CC-2548
Category:
Threat Severity:: Low
Threat Vector:
Published:: 24 July 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

Affected platforms

The following platforms are known to be affected:

Apache Tomcat

Apache Tomcat - Versions 7.0.28 to 7.0.86, 8.0.0.RC1 to 8.0.51, 8.5.0 to 8.5.31 and 9.0.0.M9 to 9.0.9

Threat details

Remediation steps

Type	Step
	Users and administrators are encouraged to review the Apache security advisories for CVE-2018-8037 and CVE-2018-1336 and apply the necessary updates.

CVE Vulnerabilities

Status

CVE-2018-8037

Status

CVE-2018-1336

Last edited: 17 February 2020 12:37 pm