It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. (CVE-2019-12418)
It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. (CVE-2019-17563)
{ "availability": "No subscription required", "binaries": [ { "tomcat8-common": "8.0.32-1ubuntu1.11", "tomcat8-admin": "8.0.32-1ubuntu1.11", "tomcat8-user": "8.0.32-1ubuntu1.11", "libtomcat8-java": "8.0.32-1ubuntu1.11", "tomcat8": "8.0.32-1ubuntu1.11", "tomcat8-examples": "8.0.32-1ubuntu1.11", "libservlet3.1-java-doc": "8.0.32-1ubuntu1.11", "libservlet3.1-java": "8.0.32-1ubuntu1.11", "tomcat8-docs": "8.0.32-1ubuntu1.11" } ] }