Lucene search
GoogleOSV:DLA-91-1HistoryNov 23, 2014 - 12:00 a.m.
tomcat6 - security update
2014-11-2300:00:00
Google
osv.dev
13
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.949 High
EPSS
Percentile
98.9%
This is an upgrade from tomcat 6.0.35 (the version previously available
in squeeze) to 6.0.41, the full list of changes between these versions
can be see in the upstream changelog, which is available online at
<http://tomcat.apache.org/tomcat-6.0-doc/changelog.html>
This update fixes the following security issues previously not available
for squeeze:
- CVE-2014-0033
Prevent remote attackers from conducting session fixation attacks via crafted
URLs. - CVE-2013-4590
Prevent Tomcat internals information leaks. - CVE-2013-4322
Prevent remote attackers from doing denial of service attacks. - CVE-2013-4286
Reject requests with multiple content-length headers or with a content-length
header when chunked encoding is being used. - CVE-2013-1571
Avoid CVE-2013-1571 when generating Javadoc. - CVE-2012-3439
Various improvements to the DIGEST authenticator.
For Debian 6 Squeeze, these issues have been fixed in tomcat6 version 6.0.41-2+squeeze5
Thanks to Tony Mancill for doing the vast amount of the work for this update!
References
Related
osv
osv
tomcat6 - regression update
2014-11-23 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:35
debian
debian
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
ibm
ibm
Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-18 00:08:13
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
tomcat
tomcat
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
securityvulns
securityvulns
nessus
nessus
Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)
2015-01-19 00:00:00
Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
2014-02-26 00:00:00
Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
2014-02-25 00:00:00
openvas
openvas
Fedora Update for tomcat FEDORA-2014-11048
2014-10-01 00:00:00
Ubuntu Update for tomcat7 USN-2130-1
2014-03-12 00:00:00
Ubuntu Update for tomcat7 USN-2130-1
2014-03-12 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
redhat
redhat
(RHSA-2014:0528) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
2014-05-21 15:32:03
(RHSA-2014:0525) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
2014-05-21 15:09:00
(RHSA-2014:0686) Important: tomcat security update
2014-06-10 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
centos
centos
tomcat6 security update
2014-04-23 19:07:14
tomcat6 security update
2014-08-11 18:04:13
freebsd
freebsd
tomcat -- authentication weaknesses
2012-11-05 00:00:00
seebug
seebug
Apache TomcatXML外部实体信息泄漏漏洞
2014-02-27 00:00:00
Apache Tomcat DIGEST身份验证多个安全漏洞(CVE-2012-3439)
2012-11-07 00:00:00
Apache Tomcat会话固定漏洞
2014-02-27 00:00:00
atlassian
atlassian
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
2014-05-24 04:42:42
debiancve
debiancve
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:35
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:35
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
2014-03-05 00:00:00
cve
cve
prion
prion
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:58:51
Improper Access Control
2019-05-02 04:45:30
Authorization Bypass
2019-05-02 05:02:08
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
threatpost
threatpost
Oracle Releases 40 Critical Java Patches in June Update
2013-06-19 10:40:35
cert
cert
Oracle Javadoc HTML frame injection vulnerability
2013-06-18 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.949 High
EPSS
Percentile
98.9%
Related for OSV:DLA-91-1