
[SECURITY] [DLA 232-1] tomcat6 security update

Package        : tomcat6
Version        : 6.0.41-2+squeeze7
CVE ID         : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Debian Bug     : 787010 785312 785316

The following vulnerabilities were found in Apache Tomcat 6:


    The Tomcat security team identified that it was possible to conduct HTTP
    request smuggling attacks or cause a DoS by streaming malformed data.


    AntBean@secdig, from the Baidu Security Team, disclosed that it was
    possible to cause a limited DoS attack by feeding data by aborting an


    The Tomcat security team identified that malicious web applications could
    bypass the Security Manager by the use of expression language.

For Debian 6 "Squeeze", these issues have been fixed in tomcat6 version
