The following vulnerabilities were found in Apache Tomcat 6:

- CVE-2014-0227
  The Tomcat security team identified that it was possible to conduct HTTP
  request smuggling attacks or cause a DoS by streaming malformed data.

- CVE-2014-0230
  AntBean@secdig, from the Baidu Security Team, disclosed that it was
  possible to cause a limited DoS attack by feeding data to an aborted
  upload.

- CVE-2014-7810
  The Tomcat security team identified that malicious web applications could
  bypass the Security Manager by using expression language.

For Debian 6 Squeeze, these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.