SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for tomcat fixes the following issues :
Security issues fixed :
- CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481).
- CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480).
- CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
SolutionUpdate the affected tomcat packages.