CERT mailing list archives

Apache Releases Security Updates for Apache Tomcat

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 04 Oct 2018 15:39:59 -0500

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



Apache Releases Security Updates for Apache Tomcat [ 
https://www.us-cert.gov/ncas/current-activity/2018/10/04/Apache-Releases-Security-Updates-Apache-Tomcat ] 10/04/2018 
03:06 PM EDT 
Original release date: October 04, 2018

The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 
9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. A remote attacker could exploit this vulnerability to obtain 
sensitive information.

NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11784 [ 
http://mail-archives.us.apache.org/mod_mbox/www-announce/201810.mbox/%3c4cf697b0-db03-9eab-f2aa-54c2026d0e88 () apache 
org%3e ].

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]

Current thread:

Apache Releases Security Updates for Apache Tomcat US-CERT (Jul 23)
- <Possible follow-ups>
- Apache Releases Security Updates for Apache Tomcat US-CERT (Oct 04)