Lucene search

K
redhatRedHatRHSA-2011:0348
HistoryMar 10, 2011 - 12:00 a.m.

(RHSA-2011:0348) Important: tomcat6 security update

2011-03-1000:00:00
access.redhat.com
16

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

91.2%

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote
attacker could use this flaw to cause a denial of service (out-of-memory
condition) via a specially-crafted request containing a large NIO buffer
size request value. (CVE-2011-0534)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

91.2%