| Descripción: | Summary:
The remote host is missing an update for the 'tomcat6'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)
A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote
attacker could use this flaw to cause a denial of service (out-of-memory
condition) via a specially-crafted request containing a large NIO buffer
size request value. (CVE-2011-0534)
This update also fixes the following bug:
* A bug in the 'tomcat6' init script prevented additional Tomcat instances
from starting. As well, running 'service tomcat6 start' caused
configuration options applied from '/etc/sysconfig/tomcat6' to be
overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update,
multiple instances of Tomcat run as expected. (BZ#676922)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.
Affected Software/OS:
tomcat6 on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Solution:
Please Install the Updated Packages.
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
