OSV:DLA-232-1
May 28, 2015

tomcat6 - security update

Source: Google (osv.dev)

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

The following vulnerabilities were found in Apache Tomcat 6:

  • CVE-2014-0227
    The Tomcat security team identified that it was possible to conduct HTTP
    request smuggling attacks or cause a DoS by streaming malformed data.
  • CVE-2014-0230
    AntBean@secdig, from the Baidu Security Team, disclosed that it was
    possible to cause a limited DoS attack by feeding data in an aborted
    upload.
  • CVE-2014-7810
    The Tomcat security team identified that malicious web applications could
    bypass the Security Manager by the use of expression language.

For Debian 6 Squeeze, these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.
