Synology-SA-18:38 Tomcat
Publish Time: 2018-07-24 18:54:48 UTC+8
Last Updated: 2018-07-24 18:54:48 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
CVE-2018-1336 and CVE-2018-8034 allow remote attackers to conduct denial-of-service attacks or man-in-the-middle attackers to bypass security constraint via a susceptible version of Tomcat 6 and Tomcat 7.
None of Synology products are affected by CVE-2018-8037 as it only affects Apache Tomcat 8.5.5 and later.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Tomcat 6 | Important | Will not fix. |
| Tomcat 7 | Important | Ongoing |
Mitigation
If you need immediate assistance, please contact Synology technical support via https://account.synology.com/en-global/support.
Detail
Reserved
Reference
- Alert Regarding Multiple Vulnerabilities in Apache Tomcat
- Apache Releases Security Updates for Apache Tomcat
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2018-07-24 | Initial public release. |