Security update for tomcat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4129-1 Final 1 1 2023-10-19T07:52:28Z current 2023-10-19T07:52:28Z 2023-10-19T07:52:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tomcat This update for tomcat fixes the following issues: Tomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377): - Security issues fixed: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) * CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182) - Update to Tomcat 9.0.82: * Catalina + Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. + Fix: Fix handling of an error reading a context descriptor on deployment. + Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. + Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. + Add: Improve handling of failures within recycle() methods. * Coyote + Fix: 67670: Fix regression with HTTP compression after code refactoring. + Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. + Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. + Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. + Fix: Fix logic issue trying to match no argument method in IntropectionUtil. + Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. + Fix: Avoid rare thread safety issue accessing message digest map. + Fix: Improve statistics collection for upgraded connections under load. + Fix: Align validation of HTTP trailer fields with standard fields. + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487) * jdbc-pool + Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool. * Jasper + Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects - Update to Tomcat 9.0.80 (jsc#PED-6376, jsc#PED-6377): * Catalina: + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. + Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. + Ensure that the default servlet correctly escapes file names in directory listings when using XML output. + Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. + Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. + Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. + Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. + Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file. + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. + Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. + Make parsing of ExtendedAccessLogValve patterns more robust. + Fix failure trying to persist configuration for an internal credential handler. + When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. + Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. + Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * Coyote: + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. + Fix not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. + Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. + Correct certificate logging on start-up so it differentiates between keystore based keys/certificates: PEM file based keys/certificates and logs the relevant information for each. + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. + Refactor HTTP/2 implementation to reduce pinning when using virtual threads. + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. + Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. + When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. * WebSocket: + Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. + Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. * Web applications: + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks attribute in the configuration section for the Digest authentication value. + Documentation: Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. + Documentation: Fix a typo in the name of the algorithms + Documentation: Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * jdbc-pool: + Fix the releaseIdleCounter does not increment when testAllIdle releases them. + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. * Other: + Update to Commons Daemon 1.3.4. + Improvements to French translations. + Update Checkstyle to 10.12.0. + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with with OpenSSL 1.1.1u. + Include the Windows specific binary distributions in the files uploaded to Maven Central. + Improvements to French translations. + Improvements to Japanese translations. + Update UnboundID to 6.0.9. + Update Checkstyle to 10.12.1. + Update BND to 6.4.1.66665: + Update JSign to 5.0. + Correct properties for JSign dependency. + Align documentation for maxParameterCount to match hard-coded defaults. + Update NSIS to 3.0.9. + Update Checkstyle to 10.12.2. + Improvements to French translations. + Improvements to Japanese translations. + Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. + Improvements to Chinese translations. + Improvements to French translations. + Improvements to Japanese translations The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/apache-tomcat:9-openjdk11-2023-4129,Container containers/apache-tomcat:9-openjdk17-2023-4129,Container containers/apache-tomcat:9-openjdk21-2023-4129,Container containers/apache-tomcat:9-openjdk8-2023-4129,Container suse/manager/5.0/x86_64/server:latest-2023-4129,Image SLES15-SP4-Manager-Server-4-3-2023-4129,Image SLES15-SP4-Manager-Server-4-3-Azure-llc-2023-4129,Image SLES15-SP4-Manager-Server-4-3-Azure-ltd-2023-4129,Image SLES15-SP4-Manager-Server-4-3-BYOS-2023-4129,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2023-4129,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2023-4129,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2023-4129,Image SLES15-SP4-Manager-Server-4-3-EC2-llc-2023-4129,Image SLES15-SP4-Manager-Server-4-3-EC2-ltd-2023-4129,Image server-image-2023-4129,Image tomcat_15_6-2023-4129,SUSE-2023-4129,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4129,SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4129,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4129,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4129,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4129,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4129,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4129,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4129,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4129,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4129,SUSE-Storage-7.1-2023-4129 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234129-1/ Link for SUSE-SU-2023:4129-1 https://lists.suse.com/pipermail/sle-security-updates/2023-October/016747.html E-Mail link for SUSE-SU-2023:4129-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214666 SUSE Bug 1214666 https://bugzilla.suse.com/1216182 SUSE Bug 1216182 https://www.suse.com/security/cve/CVE-2023-41080/ SUSE CVE CVE-2023-41080 page https://www.suse.com/security/cve/CVE-2023-44487/ SUSE CVE CVE-2023-44487 page Container containers/apache-tomcat:9-openjdk11 Container containers/apache-tomcat:9-openjdk17 Container containers/apache-tomcat:9-openjdk21 Container containers/apache-tomcat:9-openjdk8 Container suse/manager/5.0/x86_64/server:latest Image SLES15-SP4-Manager-Server-4-3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc Image SLES15-SP4-Manager-Server-4-3-Azure-ltd Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-EC2-llc Image SLES15-SP4-Manager-Server-4-3-EC2-ltd Image server-image Image tomcat_15_6 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Web and Scripting 15 SP4 SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Server 4.2 tomcat-9.0.82-150200.46.1 tomcat-el-3_0-api-9.0.82-150200.46.1 tomcat-jsp-2_3-api-9.0.82-150200.46.1 tomcat-lib-9.0.82-150200.46.1 tomcat-servlet-4_0-api-9.0.82-150200.46.1 tomcat-admin-webapps-9.0.82-150200.46.1 tomcat-docs-webapp-9.0.82-150200.46.1 tomcat-embed-9.0.82-150200.46.1 tomcat-javadoc-9.0.82-150200.46.1 tomcat-jsvc-9.0.82-150200.46.1 tomcat-webapps-9.0.82-150200.46.1 tomcat-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk11 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk11 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk11 tomcat-lib-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk11 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk11 tomcat-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk17 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk17 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk17 tomcat-lib-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk17 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk17 tomcat-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk21 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk21 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk21 tomcat-lib-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk21 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk21 tomcat-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk8 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk8 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk8 tomcat-lib-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk8 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Container containers/apache-tomcat:9-openjdk8 tomcat-9.0.82-150200.46.1 as a component of Container suse/manager/5.0/x86_64/server:latest tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Container suse/manager/5.0/x86_64/server:latest tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Container suse/manager/5.0/x86_64/server:latest tomcat-lib-9.0.82-150200.46.1 as a component of Container suse/manager/5.0/x86_64/server:latest tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Container suse/manager/5.0/x86_64/server:latest tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3 tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3 tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc tomcat-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd tomcat-lib-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd tomcat-9.0.82-150200.46.1 as a component of Image server-image tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image server-image tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image server-image tomcat-lib-9.0.82-150200.46.1 as a component of Image server-image tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image server-image tomcat-9.0.82-150200.46.1 as a component of Image tomcat_15_6 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of Image tomcat_15_6 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of Image tomcat_15_6 tomcat-lib-9.0.82-150200.46.1 as a component of Image tomcat_15_6 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of Image tomcat_15_6 tomcat-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Enterprise Storage 7.1 tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4 tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 tomcat-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 tomcat-admin-webapps-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 tomcat-el-3_0-api-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 tomcat-jsp-2_3-api-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 tomcat-lib-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 tomcat-servlet-4_0-api-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 tomcat-webapps-9.0.82-150200.46.1 as a component of SUSE Manager Server 4.2 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. CVE-2023-41080 Container containers/apache-tomcat:9-openjdk11:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-el-3_0-api-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-lib-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image server-image:tomcat-9.0.82-150200.46.1 Image server-image:tomcat-el-3_0-api-9.0.82-150200.46.1 Image server-image:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image server-image:tomcat-lib-9.0.82-150200.46.1 Image server-image:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-el-3_0-api-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-lib-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234129-1/ https://www.suse.com/security/cve/CVE-2023-41080.html CVE-2023-41080 https://bugzilla.suse.com/1214666 SUSE Bug 1214666 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Container containers/apache-tomcat:9-openjdk11:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk11:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk17:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk21:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-el-3_0-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-lib-9.0.82-150200.46.1 Container containers/apache-tomcat:9-openjdk8:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-el-3_0-api-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-lib-9.0.82-150200.46.1 Container suse/manager/5.0/x86_64/server:latest:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-el-3_0-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-lib-9.0.82-150200.46.1 Image SLES15-SP4-Manager-Server-4-3:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image server-image:tomcat-9.0.82-150200.46.1 Image server-image:tomcat-el-3_0-api-9.0.82-150200.46.1 Image server-image:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image server-image:tomcat-lib-9.0.82-150200.46.1 Image server-image:tomcat-servlet-4_0-api-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-el-3_0-api-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-jsp-2_3-api-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-lib-9.0.82-150200.46.1 Image tomcat_15_6:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-lib-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.82-150200.46.1 SUSE Manager Server 4.2:tomcat-webapps-9.0.82-150200.46.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234129-1/ https://www.suse.com/security/cve/CVE-2023-44487.html CVE-2023-44487 https://bugzilla.suse.com/1216109 SUSE Bug 1216109 https://bugzilla.suse.com/1216123 SUSE Bug 1216123 https://bugzilla.suse.com/1216169 SUSE Bug 1216169 https://bugzilla.suse.com/1216171 SUSE Bug 1216171 https://bugzilla.suse.com/1216174 SUSE Bug 1216174 https://bugzilla.suse.com/1216176 SUSE Bug 1216176 https://bugzilla.suse.com/1216181 SUSE Bug 1216181 https://bugzilla.suse.com/1216182 SUSE Bug 1216182 https://bugzilla.suse.com/1216190 SUSE Bug 1216190