Last updated: 27/Feb/2020
The Apache Software Foundation has announced the following critical vulnerabilities in Apache Tomcat:
CVE-2019-12418: Insufficiently protected credentials may cause information leakage.
CVE-2019-17563: There was a narrow window where an attacker could perform a session fixation attack.
These vulnerabilities exist in the following versions of Apache Tomcat:
CVE-2019-12418:
Apache Tomcat 9.0.0.M1 to 9.0.28
Apache Tomcat 8.5.0 to 8.5.47
Apache Tomcat 7.0.0 to 7.0.97
CVE-2019-17563:
Apache Tomcat 9.0.0.M1 to 9.0.29
Apache Tomcat 8.5.0 to 8.5.49
Apache Tomcat 7.0.0 to 7.0.98
For more details, contact the Apache Software Foundation.
Impact on WingArc1st Products
CVE-2019-17563 can affect the following products:
|Product|Version|
|---|---|
|SVF Web Designer|9.2 to 10.0|
|SVF Java Products|9.0 to 10.0|
|Report Director Enterprise|9.0 to 10.0|
|Universal Connect/X|9.0 to 10.0|
CVE-2019-12418 has no effect on our products.
For SVF and SPA, we will release the following service packs to address the issues.
|Product|Version|Planned Release Date|
|---|---|---|
|SVF Products V9.2|SP9|June 2020|
|SVF Products V10.0|V10.1|End of 2020|
For Dr. Sum, we confirmed the vulnerability has no effect.
For MotionBoard, we confirmed the vulnerability has no effect.