Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 8.2.3
Affects Version/s: 7.6.12, 7.13.0, 8.0.2
Component/s: Tomcat
Labels:
- pse-request

Introduced in Version:
7.06
Support reference count:
1
Symptom Severity:
Severity 2 - Major
UIS:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

The current version of Tomcat 8.5.35 bundled with JIRA 8.0 is vulnerable to Denial of Service CVE-2019-0199.
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.38

Fixed Versions

>= 8.5.38
>= 9.0.16

Workaround

Upgrade Tomcat via the steps mentioned in https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-in-jira-7-x-879957866.html?

duplicates

JRASERVER-69100 Upgrade Tomcat to 8.5.38 to fix CVE-2019-0199

Closed

mentioned in: Page Loading...

Assignee:: Unassigned

Reporter:: Sasa Luo (Inactive)

Votes:: 2 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 10/Apr/2019 6:33 PM

Updated:: 18/Jul/2019 9:53 PM

Resolved:: 12/Jul/2019 7:40 PM