It was discovered that malicious web applications could use the
Expression Language to bypass protections of a Security Manager as
expressions were evaluated within a privileged code section.

For the oldstable distribution (wheezy), this problem has been fixed
in version 7.0.28-4+deb7u3. This update also provides fixes for
CVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and
CVE-2014-0230, which were all fixed for the stable distribution (jessie)
already.

For the stable distribution (jessie), this problem has been fixed in
version 7.0.56-3+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 7.0.61-1.

For the unstable distribution (sid), this problem has been fixed in
version 7.0.61-1.

We recommend that you upgrade your tomcat7 packages.

CPENameOperatorVersion
tomcat7eq7.0.56-3

CPE	Name	Operator	Version
	tomcat7	eq	7.0.56-3

References

www.debian.org/security/2016/dsa-3447

openvas 30

debian 3

nessus 43

ibm 46

amazon 2

fedora 1

tomcat 6

redhat 11

osv 5

ubuntu 3

kaspersky 1

freebsd 1

oraclelinux 5

symantec 1

mageia 2

securityvulns 6

debiancve 4

cve 4

prion 4

github 3

ubuntucve 3

centos 3

f5 6

veracode 2

myhack58 1

archlinux 1

checkpoint_advisories 1

cloudfoundry 1

openvas

Debian Security Advisory DSA 3447-1 (tomcat7 - security update)

2016-01-17 00:00:00

Debian: Security Advisory (DSA-3447-1)

2016-01-16 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-526)

2015-09-08 00:00:00

debian

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DLA 232-1] tomcat6 security update

2015-05-28 19:25:54

nessus

Debian DSA-3447-1 : tomcat7 - security update

2016-01-19 00:00:00

Amazon Linux AMI : tomcat7 (ALAS-2015-526)

2015-05-18 00:00:00

Fedora 21 : tomcat-7.0.59-1.fc21 (2015-2109)

2015-02-24 00:00:00

ibm

Security Bulletin: Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)

2021-09-23 01:31:39

Security Bulletin: Rational Build Forge Security Advisory (CVE-2014-0075, CVE-2014-0099)

2018-06-17 04:56:28

Security Bulletin: IBM Cognos TM1 is affected by the following Tomcat vulnerabilities: CVE-2014-0075, CVE-2014-0099

2018-06-15 22:34:27

amazon

Medium: tomcat8

2015-05-14 14:40:00

Medium: tomcat7

2015-05-14 14:38:00

fedora

[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21

2015-02-23 08:03:06

tomcat

Fixed in Apache Tomcat 8.0.9

2014-06-24 00:00:00

Fixed in Apache Tomcat 7.0.55

2014-07-27 00:00:00

Fixed in Apache Tomcat 7.0.53

2014-03-30 00:00:00

redhat

(RHSA-2014:1149) Moderate: Red Hat JBoss Operations Network 3.2.3 update

2014-09-03 18:03:14

(RHSA-2014:0827) Moderate: tomcat security update

2014-07-02 00:00:00

(RHSA-2014:0833) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

2014-07-03 16:52:09

osv

tomcat6 - security update

2015-05-28 00:00:00

Apache Tomcat Unrestricted file upload vulnerability

2022-05-13 01:12:13

Improper Input Validation in Apache Tomcat

2022-05-14 01:10:18

ubuntu

Tomcat vulnerabilities

2015-06-25 00:00:00

Tomcat vulnerabilities

2014-07-30 00:00:00

Tomcat vulnerabilities

2015-06-25 00:00:00

kaspersky

KLA10072 Multiple vulnerabilities in Apache Tomcat

2014-03-30 00:00:00

freebsd

tomcat -- multiple vulnerabilities

2014-05-23 00:00:00

oraclelinux

tomcat security update

2014-07-23 00:00:00

tomcat security update

2014-08-07 00:00:00

tomcat security update

2015-05-12 00:00:00

symantec

SA100 : Apache Tomcat Vulnerabilities

2015-07-23 08:00:00

mageia

Updated tomcat and tomcat6 packages fix security vulnerabilities

2014-06-20 00:30:12

Updated tomcat packages fix CVE-2014-0227

2015-02-19 19:37:50

securityvulns

[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat

2014-09-15 00:00:00

Apache Tomcat security vulnerabilities

2014-09-15 00:00:00

Apache Tomcat multiple security vulnerabilities

2014-05-29 00:00:00

debiancve

CVE-2013-4444

2014-09-12 01:55:00

CVE-2014-0099

2014-05-31 11:17:00

CVE-2014-0227

2015-02-16 00:59:00

cve

CVE-2013-4444

2014-09-12 01:55:00

CVE-2014-0227

2015-02-16 00:59:00

CVE-2014-0099

2014-05-31 11:17:00

prion

Unrestricted file upload

2014-09-12 01:55:00

Design/Logic Flaw

2015-02-16 00:59:00

Integer overflow

2014-05-31 11:17:00

github

Apache Tomcat Unrestricted file upload vulnerability

2022-05-13 01:12:13

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

Uncontrolled Resource Consumption in Apache Tomcat

2022-05-14 01:10:18

ubuntucve

CVE-2014-0227

2015-02-15 00:00:00

CVE-2014-0099

2014-05-31 00:00:00

CVE-2014-0230

2015-06-07 00:00:00

centos

tomcat6 security update

2014-07-09 16:09:49

tomcat6 security update

2015-05-12 20:44:59

tomcat security update

2015-05-13 00:54:05

SOL15432 - Apache Tomcat vulnerability CVE-2014-0099

2014-07-17 00:00:00

K16344 : Apache Tomcat vulnerability CVE-2014-0227

2015-09-16 00:00:00

SOL17123 - Apache Tomcat vulnerability CVE-2014-0230

2015-08-12 00:00:00

veracode

Denial Of Service (DoS) In ChunkedInputFilter

2019-01-15 09:06:04

Denial Of Service (DoS) Memory Consumption

2019-01-15 09:03:54

myhack58

Apache Tomcat denial of service vulnerability(CVE-2 0 1 4-0 2 3 0)-vulnerability warning-the black bar safety net

2015-05-11 00:00:00

archlinux

tomcat6: denial of service

2015-05-13 00:00:00

checkpoint_advisories

Apache Tomcat ChunkedInputFilter Denial of Service (CVE-2014-0227)

2015-03-03 00:00:00

cloudfoundry

CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry

2015-02-09 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.954 High

EPSS

Percentile

99.0%

JSON

Related for OSV:DSA-3447-1