Bruin Learn access is restored. UCLA Digital and Technology Solutions and Bruin Learn administrators are continuing to monitor for delays or unexpected issues with the restoration of UCLA’s Canvas environment. If you continue to experience any issues with Bruin Learn, please reach out to BruinLearn-Support@it.ucla.edu

Apache Releases Security Advisory for Apache Tomcat

July 08, 2020
Security Advisory

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M5 Apache Tomcat 9.0.0.M1 to 9.0.35 Apache Tomcat 8.5.0 to 8.5.55

Description

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Mitigation

- Upgrade to Apache Tomcat 10.0.0-M6 or later

- Upgrade to Apache Tomcat 9.0.36 or later

- Upgrade to Apache Tomcat 8.5.56 or later

References

[1] Apache Tomcat Security 10

[2] Apache Tomcat Security 9

[3] Apache Tomcat Security 8

Apache Releases Security Advisory for Apache Tomcat

Description

Mitigation

References

Bruin Learn Access Restored

Security Incident at Instructure (Canvas)

Linux Kernel Local Privilege Escalation Vulnerability (Copy Fail)

Action Required: New Logon Security Protocols to Access UCPath

Beware of Impersonation and Social Engineering During Emergencies