CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.003 Low
Percentile: 68.7%

Package : tomcat6
Version : 6.0.41-2+squeeze7
CVE ID : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Debian Bug : 787010 785312 785316

The following vulnerabilities were found in Apache Tomcat 6:

CVE-2014-0227

    The Tomcat security team identified that it was possible to conduct HTTP
    request smuggling attacks or cause a DoS by streaming malformed data.

CVE-2014-0230

    AntBean@secdig, from the Baidu Security Team, disclosed that it was
    possible to cause a limited DoS attack by feeding data by aborting an
    upload.

CVE-2014-7810

    The Tomcat security team identified that malicious web applications could
    bypass the Security Manager by the use of expression language.

For Debian 6 "Squeeze", these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | tomcat6-common | < 6.0.41-2+squeeze7 | tomcat6-common_6.0.41-2+squeeze7_all.deb |
Debian | 8 | all | tomcat7-user | < 7.0.56-3+deb8u1 | tomcat7-user_7.0.56-3+deb8u1_all.deb |
Debian | 8 | all | tomcat8-examples | < 8.0.14-1+deb8u1 | tomcat8-examples_8.0.14-1+deb8u1_all.deb |
Debian | 7 | all | tomcat6-admin | < 6.0.45+dfsg-1~deb7u1 | tomcat6-admin_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | libservlet2.5-java | < 6.0.45+dfsg-1~deb7u1 | libservlet2.5-java_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat6-extras | < 6.0.45+dfsg-1~deb7u1 | tomcat6-extras_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat7-common | < 7.0.28-4+deb7u3 | tomcat7-common_7.0.28-4+deb7u3_all.deb |
Debian | 6 | all | tomcat6-user | < 6.0.41-2+squeeze7 | tomcat6-user_6.0.41-2+squeeze7_all.deb |
Debian | 7 | all | tomcat7-docs | < 7.0.28-4+deb7u3 | tomcat7-docs_7.0.28-4+deb7u3_all.deb |
Debian | 8 | all | tomcat8-user | < 8.0.14-1+deb8u1 | tomcat8-user_8.0.14-1+deb8u1_all.deb |