CVSS2 : 7.8 High
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : COMPLETE
CVSS2 Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score : 8 High (Confidence: Low)
EPSS : 0.946 High (Percentile: 99.3%)

Package : tomcat6
Version : 6.0.41-2+squeeze7
CVE ID : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Debian Bug : 787010 785312 785316

The following vulnerabilities were found in Apache Tomcat 6:

CVE-2014-0227

The Tomcat security team identified that it was possible to conduct HTTP
request smuggling attacks or cause a DoS by streaming malformed data.

CVE-2014-0230

AntBean@secdig, from the Baidu Security Team, disclosed that it was
possible to cause a limited DoS attack by feeding data by aborting an
upload.

CVE-2014-7810

The Tomcat security team identified that malicious web applications could
bypass the Security Manager by the use of expression language.

For Debian 6 "Squeeze", these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | tomcat6 | < 6.0.41-2+squeeze7 | tomcat6_6.0.41-2+squeeze7_all.deb |
Debian | 8 | all | libtomcat8-java | < 8.0.14-1+deb8u1 | libtomcat8-java_8.0.14-1+deb8u1_all.deb |
Debian | 7 | all | tomcat6-docs | < 6.0.45+dfsg-1~deb7u1 | tomcat6-docs_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 8 | all | tomcat7-admin | < 7.0.56-3+deb8u1 | tomcat7-admin_7.0.56-3+deb8u1_all.deb |
Debian | 7 | all | tomcat6-user | < 6.0.45+dfsg-1~deb7u1 | tomcat6-user_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 7 | all | tomcat6-examples | < 6.0.45+dfsg-1~deb7u1 | tomcat6-examples_6.0.45+dfsg-1~deb7u1_all.deb |
Debian | 6 | all | tomcat6-extras | < 6.0.41-2+squeeze7 | tomcat6-extras_6.0.41-2+squeeze7_all.deb |
Debian | 8 | all | tomcat8-admin | < 8.0.14-1+deb8u1 | tomcat8-admin_8.0.14-1+deb8u1_all.deb |
Debian | 8 | all | libservlet3.0-java | < 7.0.56-3+deb8u1 | libservlet3.0-java_7.0.56-3+deb8u1_all.deb |
Debian | 6 | all | tomcat6-user | < 6.0.41-2+squeeze7 | tomcat6-user_6.0.41-2+squeeze7_all.deb |