Jump to letter: [
          
            3ABCDEFGHIJKLMNOPQRSTUVWXYZ
          ]
        
        tomcat-el-2.2-api - Expression Language v2.2 API
        
        
        - Description:
- Expression Language 2.2. 
Packages
        
        
            | tomcat-el-2.2-api-7.0.76-16.el7_9.noarch
              [80 KiB] | Changelog
              by Hui Wang (2020-09-23): - Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling | 
            | tomcat-el-2.2-api-7.0.76-15.el7.noarch
              [80 KiB] | Changelog
              by Coty Sutherland (2020-07-17): - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS | 
            | tomcat-el-2.2-api-7.0.76-12.el7_8.noarch
              [79 KiB] | Changelog
              by Coty Sutherland (2020-05-21): - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence | 
            | tomcat-el-2.2-api-7.0.76-11.el7_7.noarch
              [79 KiB] | Changelog
              by Coty Sutherland (2020-03-03): - Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability | 
            | tomcat-el-2.2-api-7.0.76-9.el7_6.noarch
              [78 KiB] | Changelog
              by Coty Sutherland (2019-02-12): - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet | 
            | tomcat-el-2.2-api-7.0.76-9.el7.noarch
              [79 KiB] | Changelog
              by Coty Sutherland (2019-02-12): - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values | 
            | tomcat-el-2.2-api-7.0.76-8.el7_5.noarch
              [78 KiB] | Changelog
              by Coty Sutherland (2018-10-01): - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS | 
            | tomcat-el-2.2-api-7.0.76-3.el7_4.noarch
              [78 KiB] | Changelog
              by Coty Sutherland (2017-10-12): - Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision |