USN-4791-1: Apache Tomcat 7 vulnerabilities
Publication date
15 March 2021
Overview
Several security issues were fixed in Apache Tomcat 7.
Releases
Packages
- tomcat7 - Servlet and JSP engine
Details
It was discovered that Apache Tomcat 7 did not protect applications from the
presence of untrusted client data in an environment variable. A remote
attacker could possible use this vulnerability to redirect the traffic to an
arbitrary proxy and obtain sensitive information. (CVE-2016-5388)
It was discovered that Apache Tomcat 7 mishandled specially crafted input.
An attacker could use this vulnerability to cause a denial of service.
(CVE-2018-1336)
It was discovered that Apache Tomcat 7 did not protect applications from the
presence of untrusted client data in an environment variable. A remote
attacker could possible use this vulnerability to redirect the traffic to an
arbitrary proxy and obtain sensitive information. (CVE-2016-5388)
It was discovered that Apache Tomcat 7 mishandled specially crafted input.
An attacker could use this vulnerability to cause a denial of service.
(CVE-2018-1336)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 16.04 LTS xenial | tomcat7-common – 7.0.68-1ubuntu0.4+esm1 | ||
| libservlet3.0-java – 7.0.68-1ubuntu0.4+esm1 | |||
| tomcat7 – 7.0.68-1ubuntu0.4+esm1 | |||
| libtomcat7-java – 7.0.68-1ubuntu0.4+esm1 | |||
| tomcat7-user – 7.0.68-1ubuntu0.4+esm1 | |||
| tomcat7-admin – 7.0.68-1ubuntu0.4+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.