Lucene search

K
osvGoogleOSV:DSA-2725-1
HistoryJul 18, 2013 - 12:00 a.m.

tomcat6 - several

2013-07-1800:00:00
Google
osv.dev
16

EPSS

0.718

Percentile

98.1%

Two security issues have been found in the Tomcat servlet and JSP engine:

  • CVE-2012-3544
    The input filter for chunked transfer encodings could trigger high
    resource consumption through malformed CRLF sequences, resulting in
    denial of service.
  • CVE-2013-2067
    The FormAuthenticator module was vulnerable to session fixation.

For the oldstable distribution (squeeze), these problems have been fixed in
version 6.0.35-1+squeeze3. This update also provides fixes for
CVE-2012-2733,
CVE-2012-3546,
CVE-2012-4431,
CVE-2012-4534,
CVE-2012-5885,
CVE-2012-5886 and
CVE-2012-5887,
which were all fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in
version 6.0.35-6+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your tomcat6 packages.