tomcat6 security and bug fix update

2016-10-10T00:00:00
ID ELSA-2016-2045
Type oraclelinux
Reporter Oracle
Modified 2016-10-10T00:00:00

Description

[0:6.0.24-98] - Resolves: rhbz#1362210 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz#1368119 [0:6.0.24-97] - Resolves: rhbz#1367051 CVE-2015-5174 URL Normalization issue - Resolves: rhbz#1367054 CVE-2016-0706 Security Manager bypass via StatusManagerServlet - Resolves: rhbz#1367058 CVE-2016-0714 Security Manager bypass via persistence mechanisms - Resolves: rhbz#1367054 CVE-2015-5345 Directory disclosure [0:6.0.24-96] - Resolves: rhbz#1357123 rpm -V tomcat6 fails due on /var/log/tomcat6/catalina.out