We use cookies to help us improve our webpage. Please read our Cookie Policy.

Synology-SA-18:38 Tomcat

Publish Time: 2018-07-24 18:54:48 UTC+8

Last Updated: 2018-07-24 18:54:48 UTC+8

Severity
Important
Status
Ongoing

Abstract

CVE-2018-1336 and CVE-2018-8034 allow remote attackers to conduct denial-of-service attacks or man-in-the-middle attackers to bypass security constraint via a susceptible version of Tomcat 6 and Tomcat 7.

None of Synology products are affected by CVE-2018-8037 as it only affects Apache Tomcat 8.5.5 and later.

Affected Products

Product Severity Fixed Release Availability
Tomcat 6 Important Will not fix.
Tomcat 7 Important Ongoing

Mitigation

If you need immediate assistance, please contact Synology technical support via https://account.synology.com/en-global/support.

Detail

Reserved

Reference

Revision

Revision Date Description
1 2018-07-24 Initial public release.