{"id":"RHSA-2017:2247","summary":"Red Hat Security Advisory: tomcat security, bug fix, and enhancement update","modified":"2026-03-11T07:11:19.124466Z","published":"2024-09-29T17:10:03Z","upstream":["CVE-2016-0762","CVE-2016-5018","CVE-2016-6794","CVE-2016-6796","CVE-2016-6797"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2247"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#low"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390493"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390515"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390520"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390525"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390526"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1411738"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1414895"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2247.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-0762"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-0762"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0762"},{"type":"ARTICLE","url":"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"},{"type":"ARTICLE","url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"},{"type":"ARTICLE","url":"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-5018"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-5018"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5018"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-6794"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-6794"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6794"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-6796"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-6796"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6796"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2016-6797"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-6797"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6797"}],"affected":[{"package":{"name":"tomcat","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-admin-webapps","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-admin-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-docs-webapp","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-docs-webapp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-el-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-el-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-javadoc","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsp-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-jsp-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsvc","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-jsvc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-lib","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-servlet-3.0-api","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-servlet-3.0-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-webapps","ecosystem":"Red Hat:enterprise_linux:7::client","purl":"pkg:rpm/redhat/tomcat-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-admin-webapps","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-admin-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-docs-webapp","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-docs-webapp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-el-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-el-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-javadoc","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsp-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-jsp-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsvc","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-jsvc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-lib","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-servlet-3.0-api","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-servlet-3.0-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-webapps","ecosystem":"Red Hat:enterprise_linux:7::computenode","purl":"pkg:rpm/redhat/tomcat-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-admin-webapps","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-admin-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-docs-webapp","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-docs-webapp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-el-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-el-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-javadoc","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsp-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-jsp-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsvc","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-jsvc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-lib","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-servlet-3.0-api","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-servlet-3.0-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-webapps","ecosystem":"Red Hat:enterprise_linux:7::server","purl":"pkg:rpm/redhat/tomcat-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-admin-webapps","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-admin-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-docs-webapp","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-docs-webapp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-el-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-el-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-javadoc","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsp-2.2-api","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-jsp-2.2-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-jsvc","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-jsvc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-lib","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-servlet-3.0-api","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-servlet-3.0-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}},{"package":{"name":"tomcat-webapps","ecosystem":"Red Hat:enterprise_linux:7::workstation","purl":"pkg:rpm/redhat/tomcat-webapps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.0.76-2.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2017:2247.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}