(RHSA-2011:0348) Important: tomcat6 security update

2011-03-10T05:00:00
ID RHSA-2011:0348
Type redhat
Reporter RedHat
Modified 2016-04-04T18:31:43

Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially-crafted request containing a large NIO buffer size request value. (CVE-2011-0534)

Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.