Lucene search
DebianDEBIAN:DLA-232-1:8CB78HistoryMay 28, 2015 - 7:25 p.m.
[SECURITY] [DLA 232-1] tomcat6 security update
2015-05-2819:25:54
lists.debian.org
22
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.7%
Package : tomcat6
Version : 6.0.41-2+squeeze7
CVE ID : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Debian Bug : 787010 785312 785316
The following vulnerabilities were found in Apache Tomcat 6:
CVE-2014-0227
The Tomcat security team identified that it was possible to conduct HTTP
request smuggling attacks or cause a DoS by streaming malformed data.
CVE-2014-0230
AntBean@secdig, from the Baidu Security Team, disclosed that it was
possible to cause a limited DoS attack by feeding data by aborting an
upload.
CVE-2014-7810
The Tomcat security team identified that malicious web applications could
bypass the Security Manager by the use of expression language.
For Debian 6 "Squeeze", these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | tomcat6-common | < 6.0.41-2+squeeze7 | tomcat6-common_6.0.41-2+squeeze7_all.deb |
| Debian | 8 | all | tomcat7-user | < 7.0.56-3+deb8u1 | tomcat7-user_7.0.56-3+deb8u1_all.deb |
| Debian | 8 | all | tomcat8-examples | < 8.0.14-1+deb8u1 | tomcat8-examples_8.0.14-1+deb8u1_all.deb |
| Debian | 7 | all | tomcat6-admin | < 6.0.45+dfsg-1~deb7u1 | tomcat6-admin_6.0.45+dfsg-1~deb7u1_all.deb |
| Debian | 7 | all | libservlet2.5-java | < 6.0.45+dfsg-1~deb7u1 | libservlet2.5-java_6.0.45+dfsg-1~deb7u1_all.deb |
| Debian | 7 | all | tomcat6-extras | < 6.0.45+dfsg-1~deb7u1 | tomcat6-extras_6.0.45+dfsg-1~deb7u1_all.deb |
| Debian | 7 | all | tomcat7-common | < 7.0.28-4+deb7u3 | tomcat7-common_7.0.28-4+deb7u3_all.deb |
| Debian | 6 | all | tomcat6-user | < 6.0.41-2+squeeze7 | tomcat6-user_6.0.41-2+squeeze7_all.deb |
| Debian | 7 | all | tomcat7-docs | < 7.0.28-4+deb7u3 | tomcat7-docs_7.0.28-4+deb7u3_all.deb |
| Debian | 8 | all | tomcat8-user | < 8.0.14-1+deb8u1 | tomcat8-user_8.0.14-1+deb8u1_all.deb |
Related
ibm
ibm
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2014-0230, CVE-2014-7810,CVE-2014-0227)
2018-06-15 07:03:18
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1337-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-2655-1)
2015-06-26 00:00:00
Debian: Security Advisory (DLA-232-1)
2023-03-08 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : tomcat6 vulnerabilities (USN-2655-1)
2015-06-26 00:00:00
Debian DLA-232-1 : tomcat6 security update
2015-05-29 00:00:00
Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2654-1)
2015-06-26 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2015-06-25 00:00:00
Tomcat vulnerabilities
2015-06-25 00:00:00
osv
osv
tomcat6 - security update
2015-05-28 00:00:00
tomcat8 - security update
2015-12-18 00:00:00
Improper Access Control in Apache Tomcat
2022-05-14 01:10:17
redhat
redhat
(RHSA-2016:0492) Moderate: tomcat6 security and bug fix update
2016-03-22 00:00:00
(RHSA-2016:22545) Moderate: tomcat6 security and bug fix update
2016-01-25 05:00:00
amazon
amazon
Medium: tomcat6
2016-03-10 16:30:00
Medium: tomcat6
2015-05-14 14:33:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2015-05-12 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2015-05-17 00:00:00
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
2015-05-17 00:00:00
Apache Tomcar request spoofing
2015-02-23 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.44
2015-05-12 00:00:00
Fixed in Apache Tomcat 7.0.55
2014-07-27 00:00:00
Fixed in Apache Tomcat 8.0.9
2014-06-24 00:00:00
debian
debian
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
[SECURITY] [DSA 3428-1] tomcat8 security update
2015-12-18 21:13:53
centos
centos
tomcat6 security update
2016-03-23 13:09:57
tomcat6 security update
2015-05-12 20:44:59
tomcat security update
2015-05-13 00:54:05
ubuntucve
ubuntucve
f5
f5
K38110373 : Apache Tomcat vulnerability CVE-2014-7810
2016-10-23 00:00:00
SOL38110373 - Apache Tomcat vulnerability CVE-2014-7810
2016-10-23 00:00:00
K16344 : Apache Tomcat vulnerability CVE-2014-0227
2015-09-16 00:00:00
debiancve
debiancve
github
github
Improper Access Control in Apache Tomcat
2022-05-14 01:10:17
Uncontrolled Resource Consumption in Apache Tomcat
2022-05-14 01:10:18
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
veracode
veracode
SecurityManager Bypass
2019-01-15 09:10:45
Denial Of Service (DoS) In ChunkedInputFilter
2019-01-15 09:06:04
Denial Of Service (DoS) Memory Consumption
2019-01-15 09:03:54
prion
prion
Design/Logic Flaw
2015-06-07 23:59:00
Design/Logic Flaw
2015-02-16 00:59:00
Design/Logic Flaw
2015-06-07 23:59:00
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2016-03-22 00:00:00
tomcat security update
2015-05-12 00:00:00
tomcat6 security and bug fix update
2015-05-12 00:00:00
cve
cve
mageia
mageia
Updated tomcat packages fix CVE-2014-0227
2015-02-19 19:37:50
myhack58
myhack58
archlinux
archlinux
tomcat6: denial of service
2015-05-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat ChunkedInputFilter Denial of Service (CVE-2014-0227)
2015-03-03 00:00:00
cloudfoundry
cloudfoundry
CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry
2015-02-09 00:00:00
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.7%
Related for DEBIAN:DLA-232-1:8CB78