CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
99.3%
CentOS Errata and Security Advisory CESA-2015:0983
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as new request, or cause a denial of
service. (CVE-2014-0227)
All Tomcat 7 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the tomcat service will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-May/083290.html
Affected packages:
tomcat
tomcat-admin-webapps
tomcat-docs-webapp
tomcat-el-2.2-api
tomcat-javadoc
tomcat-jsp-2.2-api
tomcat-jsvc
tomcat-lib
tomcat-servlet-3.0-api
tomcat-webapps
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:0983
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | noarch | tomcat | < 7.0.54-2.el7_1 | tomcat-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-admin-webapps | < 7.0.54-2.el7_1 | tomcat-admin-webapps-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-docs-webapp | < 7.0.54-2.el7_1 | tomcat-docs-webapp-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-el-2.2-api | < 7.0.54-2.el7_1 | tomcat-el-2.2-api-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-javadoc | < 7.0.54-2.el7_1 | tomcat-javadoc-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-jsp-2.2-api | < 7.0.54-2.el7_1 | tomcat-jsp-2.2-api-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-jsvc | < 7.0.54-2.el7_1 | tomcat-jsvc-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-lib | < 7.0.54-2.el7_1 | tomcat-lib-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-servlet-3.0-api | < 7.0.54-2.el7_1 | tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch.rpm |
CentOS | 7 | noarch | tomcat-webapps | < 7.0.54-2.el7_1 | tomcat-webapps-7.0.54-2.el7_1.noarch.rpm |