[SECURITY] [DLA 232-1] tomcat6 security update

2015-05-28 19:25:54
lists.debian.org

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE
AI Score: 8 High (Confidence: Low)
EPSS: 0.946 High (Percentile: 99.3%)

Package : tomcat6
Version : 6.0.41-2+squeeze7
CVE ID : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Debian Bug : 787010 785312 785316

The following vulnerabilities were found in Apache Tomcat 6:

CVE-2014-0227

The Tomcat security team identified that it was possible to conduct HTTP
request smuggling attacks or cause a DoS by streaming malformed data.

CVE-2014-0230

AntBean@secdig, from the Baidu Security Team, disclosed that it was
possible to cause a limited DoS by feeding data when an upload is
aborted.

CVE-2014-7810

The Tomcat security team identified that malicious web applications could
bypass the Security Manager by the use of expression language.

For Debian 6 "Squeeze", these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.