It was discovered that malicious web applications could use the
Expression Language to bypass protections of a Security Manager as
expressions were evaluated within a privileged code section.

For the oldstable distribution (wheezy), this problem has been fixed
in version 7.0.28-4+deb7u3. This update also provides fixes for
CVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and
CVE-2014-0230, which were all fixed for the stable distribution (jessie)
already.

For the stable distribution (jessie), this problem has been fixed in
version 7.0.56-3+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 7.0.61-1.

For the unstable distribution (sid), this problem has been fixed in
version 7.0.61-1.

We recommend that you upgrade your tomcat7 packages.

References

www.debian.org/security/2016/dsa-3447

debian 3

openvas 28

nessus 41

ibm 41

amazon 2

fedora 1

tomcat 6

redhat 11

freebsd 1

kaspersky 1

ubuntu 3

osv 6

oraclelinux 5

symantec 1

mageia 2

securityvulns 7

nvd 4

debiancve 5

cvelist 4

cve 4

prion 5

github 4

ubuntucve 3

f5 6

veracode 2

archlinux 1

myhack58 1

centos 1

debian

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DLA 232-1] tomcat6 security update

2015-05-28 19:25:54

openvas

Debian Security Advisory DSA 3447-1 (tomcat7 - security update)

2016-01-17 00:00:00

Debian: Security Advisory (DSA-3447-1)

2016-01-16 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-526)

2015-09-08 00:00:00

nessus

Debian DSA-3447-1 : tomcat7 - security update

2016-01-19 00:00:00

Amazon Linux AMI : tomcat8 (ALAS-2015-527)

2015-05-18 00:00:00

Fedora 21 : tomcat-7.0.59-1.fc21 (2015-2109)

2015-02-24 00:00:00

ibm

Security Bulletin: Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)

2021-09-23 01:31:39

Security Bulletin: IBM Cognos TM1 is affected by the following Tomcat vulnerabilities: CVE-2014-0075, CVE-2014-0099

2018-06-15 22:34:27

Security Bulletin: Rational Build Forge Security Advisory (CVE-2014-0075, CVE-2014-0099)

2018-06-17 04:56:28

amazon

Medium: tomcat8

2015-05-14 14:40:00

Medium: tomcat7

2015-05-14 14:38:00

fedora

[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21

2015-02-23 08:03:06

tomcat

Fixed in Apache Tomcat 7.0.55

2014-07-27 00:00:00

Fixed in Apache Tomcat 8.0.9

2014-06-24 00:00:00

Fixed in Apache Tomcat 7.0.53

2014-03-30 00:00:00

redhat

(RHSA-2014:1149) Moderate: Red Hat JBoss Operations Network 3.2.3 update

2014-09-03 18:03:14

(RHSA-2014:0833) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

2014-07-03 16:52:09

(RHSA-2014:0835) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update

2014-07-03 16:53:41

freebsd

tomcat -- multiple vulnerabilities

2014-05-23 00:00:00

kaspersky

KLA10072 Multiple vulnerabilities in Apache Tomcat

2014-03-30 00:00:00

ubuntu

Tomcat vulnerabilities

2014-07-30 00:00:00

Tomcat vulnerabilities

2015-06-25 00:00:00

Tomcat vulnerabilities

2015-06-25 00:00:00

osv

tomcat6 - security update

2015-05-28 00:00:00

Apache Tomcat Unrestricted file upload vulnerability

2022-05-13 01:12:13

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

oraclelinux

tomcat security update

2014-07-23 00:00:00

tomcat security update

2014-08-07 00:00:00

tomcat6 security and bug fix update

2014-07-09 00:00:00

symantec

SA100 : Apache Tomcat Vulnerabilities

2015-07-23 08:00:00

mageia

Updated tomcat and tomcat6 packages fix security vulnerabilities

2014-06-20 00:30:12

Updated tomcat packages fix CVE-2014-0227

2015-02-19 19:37:50

securityvulns

[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat

2014-09-15 00:00:00

Apache Tomcat security vulnerabilities

2014-09-15 00:00:00

Apache Tomcar request spoofing

2015-02-23 00:00:00

nvd

CVE-2013-4444

2014-09-12 01:55:06

CVE-2014-0099

2014-05-31 11:17:13

CVE-2014-0075

2014-05-31 11:17:13

debiancve

CVE-2013-4444

2014-09-12 01:55:00

CVE-2014-0075

2014-05-31 11:17:00

CVE-2014-0230

2015-06-07 23:59:00

cvelist

CVE-2013-4444

2014-09-12 01:00:00

CVE-2014-0230

2015-06-07 23:00:00

CVE-2014-0099

2014-05-31 10:00:00

cve

CVE-2013-4444

2014-09-12 01:55:06

CVE-2014-0099

2014-05-31 11:17:13

CVE-2014-0230

2015-06-07 23:59:02

prion

Unrestricted file upload

2014-09-12 01:55:00

Integer overflow

2014-05-31 11:17:00

Design/Logic Flaw

2015-02-16 00:59:00

github

Apache Tomcat Unrestricted file upload vulnerability

2022-05-13 01:12:13

Uncontrolled Resource Consumption in Apache Tomcat

2022-05-14 01:10:18

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

ubuntucve

CVE-2014-0099

2014-05-31 00:00:00

CVE-2014-0227

2015-02-15 00:00:00

CVE-2014-0230

2015-06-07 00:00:00

K15432 : Apache Tomcat vulnerability CVE-2014-0099

2015-08-31 00:00:00

SOL17123 - Apache Tomcat vulnerability CVE-2014-0230

2015-08-12 00:00:00

K17123 : Apache Tomcat vulnerability CVE-2014-0230

2015-08-13 00:00:00

veracode

Denial Of Service (DoS) Memory Consumption

2019-01-15 09:03:54

Denial Of Service (DoS) In ChunkedInputFilter

2019-01-15 09:06:04

archlinux

tomcat6: denial of service

2015-05-13 00:00:00

myhack58

Apache Tomcat denial of service vulnerability(CVE-2 0 1 4-0 2 3 0)-vulnerability warning-the black bar safety net

2015-05-11 00:00:00

centos

tomcat6 security update

2014-07-09 16:09:49

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.948

Percentile

99.3%

JSON

Related for OSV:DSA-3447-1