[ol7_latest] tomcat-admin-webapps-7.0.76-12.el7_8.noarch

Name:	tomcat-admin-webapps
Version:	7.0.76
Release:	12.el7_8
Architecture:	noarch
Group:	Applications/System
Size:	114309
License:	ASL 2.0
RPM:	tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm
Source RPM:	tomcat-7.0.76-12.el7_8.src.rpm
Build Date:	Thu Jun 11 2020
Build Host:	jenkins-10-147-72-125-b7365bf9-a743-4d5b-be32-d1d2946a8e39.appad3iad.osdevelopmeniad.oraclevcn.com
Vendor:	Oracle America
URL:	http://tomcat.apache.org/
Summary:	The host-manager and manager web applications for Apache Tomcat
Description:	The host-manager and manager web applications for Apache Tomcat.

Changelog (Show File list) (Show related packages)

Thu May 21 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-12

- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence

Tue Mar 03 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-11

- Resolves: rhbz#1806802 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

Tue Sep 03 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-10
```
- Resolves: rhbz#1748541 Bump tomcat release number
```

Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9

- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values

Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8

- Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS

Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7

- Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session

Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
```
- Related: rhbz#1505762 Remove erroneous useradd
```

Tue Nov 07 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-5

- Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
- Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user

Mon Nov 06 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3

- Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision

Thu Jun 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-2

- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used