OESA-2021-1299
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1299
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1299.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1299
- Upstream
- Published
- 2021-08-06T11:03:07Z
- Modified
- 2025-08-12T05:08:09.028598Z
- Summary
- tomcat security update
- Details
-
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project
Security Fix(es):
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.(CVE-2021-30640)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP1 / tomcat
Package
- Name
- tomcat
- Purl
- pkg:rpm/openEuler/tomcat&distro=openEuler-20.03-LTS-SP1