{"affected":[{"ecosystem_specific":{"binaries":[{"tomcat6":"6.0.53-0.56.1","tomcat6-admin-webapps":"6.0.53-0.56.1","tomcat6-docs-webapp":"6.0.53-0.56.1","tomcat6-javadoc":"6.0.53-0.56.1","tomcat6-jsp-2_1-api":"6.0.53-0.56.1","tomcat6-lib":"6.0.53-0.56.1","tomcat6-servlet-2_5-api":"6.0.53-0.56.1","tomcat6-webapps":"6.0.53-0.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"tomcat6","purl":"pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.0.53-0.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat6":"6.0.53-0.56.1","tomcat6-admin-webapps":"6.0.53-0.56.1","tomcat6-docs-webapp":"6.0.53-0.56.1","tomcat6-javadoc":"6.0.53-0.56.1","tomcat6-jsp-2_1-api":"6.0.53-0.56.1","tomcat6-lib":"6.0.53-0.56.1","tomcat6-servlet-2_5-api":"6.0.53-0.56.1","tomcat6-webapps":"6.0.53-0.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"tomcat6","purl":"pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.0.53-0.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat6":"6.0.53-0.56.1","tomcat6-admin-webapps":"6.0.53-0.56.1","tomcat6-docs-webapp":"6.0.53-0.56.1","tomcat6-javadoc":"6.0.53-0.56.1","tomcat6-jsp-2_1-api":"6.0.53-0.56.1","tomcat6-lib":"6.0.53-0.56.1","tomcat6-servlet-2_5-api":"6.0.53-0.56.1","tomcat6-webapps":"6.0.53-0.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 
SP3-TERADATA","name":"tomcat6","purl":"pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.0.53-0.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat6":"6.0.53-0.56.1","tomcat6-admin-webapps":"6.0.53-0.56.1","tomcat6-docs-webapp":"6.0.53-0.56.1","tomcat6-javadoc":"6.0.53-0.56.1","tomcat6-jsp-2_1-api":"6.0.53-0.56.1","tomcat6-lib":"6.0.53-0.56.1","tomcat6-servlet-2_5-api":"6.0.53-0.56.1","tomcat6-webapps":"6.0.53-0.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"tomcat6","purl":"pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.0.53-0.56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat6":"6.0.53-0.56.1","tomcat6-admin-webapps":"6.0.53-0.56.1","tomcat6-docs-webapp":"6.0.53-0.56.1","tomcat6-javadoc":"6.0.53-0.56.1","tomcat6-jsp-2_1-api":"6.0.53-0.56.1","tomcat6-lib":"6.0.53-0.56.1","tomcat6-servlet-2_5-api":"6.0.53-0.56.1","tomcat6-webapps":"6.0.53-0.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"tomcat6","purl":"pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.0.53-0.56.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tomcat6 fixes the following issues:\n\nTomcat was updated to version 6.0.53:\n\nThe full changelog is:\n  http://tomcat.apache.org/tomcat-6.0-doc/changelog.html\n\nSecurity issues fixed:\n\n- CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642)\n- CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) \n- CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n- CVE-2016-6816: HTTP Request smuggling 
vulnerability due to permitting invalid characters in HTTP requests (bsc#1011812)\n- CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n- CVE-2016-6796: Manager Bypass (bsc#1007858)\n- CVE-2016-6794: System Property Disclosure (bsc#1007857)\n- CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n- CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n- CVE-2016-5388: An arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP traffic (bsc#988489)\n","id":"SUSE-SU-2017:1632-1","modified":"2017-06-21T06:58:33Z","published":"2017-06-21T06:58:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171632-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007853"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007854"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007855"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007857"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007858"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011805"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011812"},{"type":"REPORT","url":"https://bugzilla.suse.com/1015119"},{"type":"REPORT","url":"https://bugzilla.suse.com/1033448"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036642"},{"type":"REPORT","url":"https://bugzilla.suse.com/988489"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5018"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5388"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8735"},{"type":"WEB","url":"https://www.suse.com/security/
cve/CVE-2016-8745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5647"}],"related":["CVE-2016-0762","CVE-2016-5018","CVE-2016-5388","CVE-2016-6794","CVE-2016-6796","CVE-2016-6797","CVE-2016-6816","CVE-2016-8735","CVE-2016-8745","CVE-2017-5647"],"summary":"Security update for tomcat6","upstream":["CVE-2016-0762","CVE-2016-5018","CVE-2016-5388","CVE-2016-6794","CVE-2016-6796","CVE-2016-6797","CVE-2016-6816","CVE-2016-8735","CVE-2016-8745","CVE-2017-5647"]}