csaf_suse - suse-su-2023:1769-1

suse-su-2023:1769-1

Vulnerability from csaf_suse

Published
2023-04-05 09:07
Modified
2023-04-05 09:07
Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues: - CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622). - CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513).
Patchnames
SUSE-2023-1769,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769,SUSE-Storage-7-2023-1769,SUSE-Storage-7.1-2023-1769,openSUSE-SLE-15.4-2023-1769
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
JSON
To clipboard
{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat fixes the following issues:\n\n- CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).\n- CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts (bsc#1208513). \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-1769,SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769,SUSE-Storage-7-2023-1769,SUSE-Storage-7.1-2023-1769,openSUSE-SLE-15.4-2023-1769",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1769-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:1769-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20231769-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:1769-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2023-April/028652.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208513",
        "url": "https://bugzilla.suse.com/1208513"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1209622",
        "url": "https://bugzilla.suse.com/1209622"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-24998 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-24998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28708 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28708/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2023-04-05T09:07:57Z",
      "generator": {
        "date": "2023-04-05T09:07:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:1769-1",
      "initial_release_date": "2023-04-05T09:07:57Z",
      "revision_history": [
        {
          "date": "2023-04-05T09:07:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-embed-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-embed-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-embed-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-javadoc-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-jsvc-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-lib-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-lib-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-9.0.43-150200.35.1.noarch",
                "product": {
                  "name": "tomcat-webapps-9.0.43-150200.35.1.noarch",
                  "product_id": "tomcat-webapps-9.0.43-150200.35.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
                  "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.2",
                "product": {
                  "name": "SUSE Manager Server 4.2",
                  "product_id": "SUSE Manager Server 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7",
                "product": {
                  "name": "SUSE Enterprise Storage 7",
                  "product_id": "SUSE Enterprise Storage 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7.1",
                "product": {
                  "name": "SUSE Enterprise Storage 7.1",
                  "product_id": "SUSE Enterprise Storage 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7",
          "product_id": "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-embed-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-embed-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsvc-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-jsvc-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.43-150200.35.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.43-150200.35.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-24998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n          new configuration option (FileUploadBase#setFileCountMax) is not\n          enabled by default and must be explicitly configured.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-24998",
          "url": "https://www.suse.com/security/cve/CVE-2023-24998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208513 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1208513"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210310 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1210310"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211608 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1211608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228313 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1228313"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-04-05T09:07:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-28708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not  include the secure attribute. This could result in the user agent  transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
          "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28708",
          "url": "https://www.suse.com/security/cve/CVE-2023-28708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209622 for CVE-2023-28708",
          "url": "https://bugzilla.suse.com/1209622"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Enterprise Storage 7:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP4:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-lib-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "SUSE Manager Server 4.2:tomcat-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-admin-webapps-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-docs-webapp-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-el-3_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-embed-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-javadoc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsp-2_3-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-jsvc-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-lib-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-servlet-4_0-api-9.0.43-150200.35.1.noarch",
            "openSUSE Leap 15.4:tomcat-webapps-9.0.43-150200.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-04-05T09:07:57Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-28708"
    }
  ]
}
CVE-2023-24998 (GCVE-0-2023-24998)

Vulnerability from cvelistv5

Published
2023-02-20 15:57
Modified
2025-02-13 16:44
Severity ?
CWE
CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
References
►
URL
CVE-2023-28708 (GCVE-0-2023-28708)

Vulnerability from cvelistv5

Published
2023-03-22 10:10
Modified
2025-08-07 10:57
Severity ?
CWE
CWE-523 - Unprotected Transport of Credentials
Summary
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.
References
►
URL
	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 11.0.0-M1 ≤ 11.0.0-M2 Version: 10.1.0-M1 ≤ 10.1.5 Version: 9.0.0-M1 ≤ 9.0.71 Version: 8.5.0 ≤ 8.5.85
Sightings

Author	Source	Type	Date
Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Action not permitted

suse-su-2023:1769-1

Vulnerability from csaf_suse

CVE-2023-24998 (GCVE-0-2023-24998)

Vulnerability from cvelistv5

CVE-2023-28708 (GCVE-0-2023-28708)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature
