Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2654-1
HistoryJun 25, 2015 - 12:00 a.m.

Tomcat vulnerabilities

2015-06-2500:00:00
ubuntu.com
49

7.7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.948 High

EPSS

Percentile

99.2%

JSON

Releases

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 ESM

Packages

  • tomcat7 - Servlet and JSP engine

Details

It was discovered that the Tomcat XML parser incorrectly handled XML
External Entities (XXE). A remote attacker could possibly use this issue to
read arbitrary files. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-0119)

It was discovered that Tomcat incorrectly handled data with malformed
chunked transfer coding. A remote attacker could possibly use this issue to
conduct HTTP request smuggling attacks, or cause Tomcat to consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2014-0227)

It was discovered that Tomcat incorrectly handled HTTP responses occurring
before the entire request body was finished being read. A remote attacker
could possibly use this issue to cause a limited denial of service. This
issue only affected Ubuntu 14.04 LTS. (CVE-2014-0230)

It was discovered that the Tomcat Expression Language (EL) implementation
incorrectly handled accessible interfaces implemented by inaccessible
classes. An attacker could possibly use this issue to bypass a
SecurityManager protection mechanism. (CVE-2014-7810)

OSVersionArchitecturePackageVersionFilename
Ubuntu15.04noarchlibtomcat7-java< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchlibservlet3.0-java< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchlibservlet3.0-java-doc< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchtomcat7< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchtomcat7-admin< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchtomcat7-common< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchtomcat7-docs< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchtomcat7-examples< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu15.04noarchtomcat7-user< 7.0.56-2ubuntu0.1UNKNOWN
Ubuntu14.10noarchlibtomcat7-java< 7.0.55-1ubuntu0.2UNKNOWN
Rows per page:
1-10 of 271

Related

openvas 32
nessus 37
ibm 56
debian 4
ubuntu 1
osv 7
securityvulns 5
tomcat 8
freebsd 1
redhat 6
amazon 2
oraclelinux 4
symantec 1
f5 7
debiancve 3
github 4
ubuntucve 3
centos 4
prion 3
kaspersky 1
cve 4
veracode 3
mageia 1
checkpoint_advisories 1
cloudfoundry 1
openvas
openvas
Ubuntu: Security Advisory (USN-2654-1)
2015-06-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1337-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-2655-1)
2015-06-26 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2654-1)
2015-06-26 00:00:00
Ubuntu 12.04 LTS : tomcat6 vulnerabilities (USN-2655-1)
2015-06-26 00:00:00
Debian DLA-232-1 : tomcat6 security update
2015-05-29 00:00:00
ibm
ibm
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2014-0230, CVE-2014-7810,CVE-2014-0227)
2018-06-15 07:03:18
Security Bulletin: Multiple security vulnerabilities in Open Source Apache Tomcat affect IBM Cognos Business Viewpoint (CVE-2014-0227, CVE-2014-0230, CVE-2014-7810)
2020-02-13 23:52:21
Security Bulletin: Apache Tomcat vulnerabilities affect IBM SAN Volume Controller and Storwize Family (CVE-2014-0227 CVE-2014-0230)
2023-03-29 01:48:02
debian
debian
[SECURITY] [DLA 232-1] tomcat6 security update
2015-05-28 19:25:54
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
ubuntu
ubuntu
Tomcat vulnerabilities
2015-06-25 00:00:00
osv
osv
tomcat6 - security update
2015-05-28 00:00:00
tomcat7 - security update
2016-01-17 00:00:00
tomcat8 - security update
2015-12-18 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2015-05-17 00:00:00
[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure
2014-05-29 00:00:00
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
2015-05-17 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.44
2015-05-12 00:00:00
Fixed in Apache Tomcat 8.0.9
2014-06-24 00:00:00
Fixed in Apache Tomcat 7.0.55
2014-07-27 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2015-05-12 00:00:00
redhat
redhat
(RHSA-2015:1622) Moderate: Red Hat JBoss Web Server 2.1.0 tomcat security update
2015-08-13 15:24:28
(RHSA-2016:22545) Moderate: tomcat6 security and bug fix update
2016-01-25 05:00:00
(RHSA-2016:0492) Moderate: tomcat6 security and bug fix update
2016-03-22 00:00:00
amazon
amazon
Medium: tomcat6
2016-03-10 16:30:00
Medium: tomcat6
2015-05-14 14:33:00
oraclelinux
oraclelinux
tomcat6 security update
2014-08-11 00:00:00
tomcat6 security and bug fix update
2016-03-22 00:00:00
tomcat security update
2015-05-12 00:00:00
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
f5
f5
K38110373 : Apache Tomcat vulnerability CVE-2014-7810
2016-10-23 00:00:00
SOL38110373 - Apache Tomcat vulnerability CVE-2014-7810
2016-10-23 00:00:00
SOL15429 - Apache Tomcat vulnerability CVE-2014-0119
2014-07-17 00:00:00
debiancve
debiancve
CVE-2014-7810
2015-06-07 23:59:00
CVE-2014-0227
2015-02-16 00:59:00
CVE-2014-0119
2014-05-31 11:17:00
github
github
Improper Access Control in Apache Tomcat
2022-05-14 01:10:17
Missing XML Validation in Apache Tomcat
2022-05-14 01:10:18
Uncontrolled Resource Consumption in Apache Tomcat
2022-05-14 01:10:18
ubuntucve
ubuntucve
CVE-2014-0119
2014-05-31 00:00:00
CVE-2014-7810
2015-06-07 00:00:00
CVE-2014-0227
2015-02-15 00:00:00
centos
centos
tomcat6 security update
2016-03-23 13:09:57
tomcat security update
2014-08-07 18:48:52
tomcat security update
2015-05-13 00:54:05
prion
prion
Xxe
2014-05-31 11:17:00
Design/Logic Flaw
2015-02-16 00:59:00
Design/Logic Flaw
2015-06-07 23:59:00
kaspersky
kaspersky
KLA10070 RLF vulnerability in Apache Tomcat
2014-05-31 00:00:00
cve
cve
CVE-2014-0227
2015-02-16 00:59:00
CVE-2014-0230
2015-06-07 23:59:00
CVE-2014-0119
2014-05-31 11:17:00
veracode
veracode
SecurityManager Bypass
2019-01-15 09:10:45
Denial Of Service (DoS) In ChunkedInputFilter
2019-01-15 09:06:04
Denial Of Service (DoS) Memory Consumption
2019-01-15 09:03:54
mageia
mageia
Updated tomcat packages fix CVE-2014-0227
2015-02-19 19:37:50
checkpoint_advisories
checkpoint_advisories
Apache Tomcat ChunkedInputFilter Denial of Service (CVE-2014-0227)
2015-03-03 00:00:00
cloudfoundry
cloudfoundry
CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry
2015-02-09 00:00:00

7.7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.948 High

EPSS

Percentile

99.2%

JSON
Related for USN-2654-1
openvas32nessus37ibm56debian4ubuntu1osv7securityvulns5tomcat8freebsd1redhat6amazon2oraclelinux4symantec1f57debiancve3github4ubuntucve3centos4prion3kaspersky1cve4veracode3mageia1checkpoint_advisories1cloudfoundry1