CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
EPSS: 0.932 High (Percentile: 99.0%)

Package : tomcat6
Version : 6.0.41-2+squeeze5
CVE ID : CVE-2012-3439 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033
Debian Bugs : 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 682955 687818 692440 695250 713796 717279

This is an upgrade from tomcat 6.0.35 (the version previously available
in squeeze) to 6.0.41. The full list of changes between these versions
can be seen in the upstream changelog, which is available online at
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

This update fixes the following security issues, for which fixes were
previously not available for squeeze:
CVE-2014-0033
Prevent remote attackers from conducting session fixation attacks via crafted
URLs.
CVE-2013-4590
Prevent "Tomcat internals" information leaks.
CVE-2013-4322
Prevent remote attackers from conducting denial-of-service attacks.
CVE-2013-4286
Reject requests with multiple content-length headers or with a content-length
header when chunked encoding is being used.
CVE-2013-1571
Avoid CVE-2013-1571 when generating Javadoc.
CVE-2012-3439
Various improvements to the DIGEST authenticator.
Thanks to Tony Mancill for doing the vast amount of the work for this update!
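
The framing rule in the CVE-2013-4286 item above, as an added Python example (not Tomcat's code and not the Debian patch). The function names and sample requests are constructed for illustration, and refusing malformed header names and non-numeric lengths is an assumption beyond what the advisory states.

```python
# Added example, not Tomcat code: all names and sample requests are constructed.
class AmbiguousFraming(ValueError):
    """The request's body length cannot be determined unambiguously."""

def parse_headers(raw: bytes):
    """Return [(lowercased name, value), ...] from a raw request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        # Assumption: refuse names with stray whitespace, e.g. "Content-Length : 5".
        if not sep or not name or name != name.strip():
            raise AmbiguousFraming(f"malformed header line {line!r}")
        headers.append((name.lower(), value.strip()))
    return headers

def check_framing(raw: bytes) -> str:
    """Return 'chunked', 'length:<n>' or 'none'; raise on ambiguous framing."""
    headers = parse_headers(raw)
    lengths = [v for n, v in headers if n == "content-length"]
    codings = [c.strip().lower() for n, v in headers
               if n == "transfer-encoding" for c in v.split(",")]
    if len(lengths) > 1:
        raise AmbiguousFraming("multiple Content-Length headers")
    if lengths and "chunked" in codings:
        raise AmbiguousFraming("Content-Length with chunked encoding")
    if "chunked" in codings:
        return "chunked"
    if lengths:
        if not (lengths[0].isascii() and lengths[0].isdigit()):
            raise AmbiguousFraming("non-numeric Content-Length")
        return f"length:{int(lengths[0])}"
    return "none"

HEAD = b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {  # constructed requests
    "single_length": HEAD + b"Content-Length: 5\r\n\r\nhello",
    "chunked_only": HEAD + b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "two_lengths": HEAD + b"Content-Length: 5\r\nContent-Length: 50\r\n\r\nhello",
    "length_and_chunked": HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
}

def classify(samples):
    results = {}
    for name, raw in samples.items():
        try:
            results[name] = check_framing(raw)
        except AmbiguousFraming as exc:
            results[name] = f"rejected: {exc}"
    return results
```

`classify(SAMPLES)` accepts the two unambiguous requests and rejects the two that a front-end proxy and the application server could frame differently.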
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | libtomcat7-java | < 7.0.28-4+deb7u1 | libtomcat7-java_7.0.28-4+deb7u1_all.deb |
Debian | 7 | all | libservlet2.5-java-doc | < 6.0.45+dfsg-1~deb7u1 | libservlet2.5-java-doc_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat6-extras | < 6.0.45+dfsg-1~deb7u1 | tomcat6-extras_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | libservlet2.5-java | < 6.0.45+dfsg-1~deb7u1 | libservlet2.5-java_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat7-docs | < 7.0.28-4+deb7u1 | tomcat7-docs_7.0.28-4+deb7u1_all.deb |
Debian | 6 | all | libtomcat6-java | < 6.0.41-2+squeeze5 | libtomcat6-java_6.0.41-2+squeeze5_all.deb |
Debian | 7 | all | libservlet2.4-java | < 6.0.45+dfsg-1~deb7u1 | libservlet2.4-java_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat6-examples | < 6.0.45+dfsg-1~deb7u1 | tomcat6-examples_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat6 | < 6.0.45+dfsg-1~deb7u1 | tomcat6_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | libservlet3.0-java-doc | < 7.0.28-4+deb7u1 | libservlet3.0-java-doc_7.0.28-4+deb7u1_all.deb |