6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.948 High
EPSS
Percentile
99.2%
CentOS Errata and Security Advisory CESA-2015:0991
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as new request, or cause a denial of
service. (CVE-2014-0227)
This update also fixes the following bug:
All Tomcat 6 users are advised to upgrade to these updated packages, which
correct these issues. Tomcat must be restarted for this update to take
effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-May/083267.html
Affected packages:
tomcat6
tomcat6-admin-webapps
tomcat6-docs-webapp
tomcat6-el-2.1-api
tomcat6-javadoc
tomcat6-jsp-2.1-api
tomcat6-lib
tomcat6-servlet-2.5-api
tomcat6-webapps
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:0991
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | tomcat6 | < 6.0.24-83.el6_6 | tomcat6-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-admin-webapps | < 6.0.24-83.el6_6 | tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-docs-webapp | < 6.0.24-83.el6_6 | tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-el-2.1-api | < 6.0.24-83.el6_6 | tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-javadoc | < 6.0.24-83.el6_6 | tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-jsp-2.1-api | < 6.0.24-83.el6_6 | tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-lib | < 6.0.24-83.el6_6 | tomcat6-lib-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-servlet-2.5-api | < 6.0.24-83.el6_6 | tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | i686 | tomcat6-webapps | < 6.0.24-83.el6_6 | tomcat6-webapps-6.0.24-83.el6_6.i686.rpm |
CentOS | 6 | x86_64 | tomcat6 | < 6.0.24-83.el6_6 | tomcat6-6.0.24-83.el6_6.x86_64.rpm |