SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
- tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
- tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
- tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
SolutionUpdate the affected packages.