
Test ID: 1.3.6.1.4.1.25623.1.0.871367
Category: Red Hat Local Security Checks
Title: RedHat Update for tomcat6 RHSA-2015:0991-01
Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat6'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as a new request, or cause a denial of
service. (CVE-2014-0227)

This update also fixes the following bug:

* Before this update, the tomcat6 init script did not try to kill the
tomcat process if an attempt to stop it was unsuccessful, which would
prevent tomcat from restarting properly. The init script was modified to
correct this issue. (BZ#1207048)

All Tomcat 6 users are advised to upgrade to these updated packages, which
correct these issues. Tomcat must be restarted for this update to take
effect.

Affected Software/OS:
tomcat6 on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0227
BugTraq ID: 72717
http://www.securityfocus.com/bid/72717
Bugtraq: 20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
Debian Security Information: DSA-3447
http://www.debian.org/security/2016/dsa-3447
Debian Security Information: DSA-3530
http://www.debian.org/security/2016/dsa-3530
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: HPSBUX03341
http://marc.info/?l=bugtraq&m=143393515412274&w=2
HPdes Security Advisory: SSRT102066
HPdes Security Advisory: SSRT102068
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0983
http://rhn.redhat.com/errata/RHSA-2015-0983.html
RedHat Security Advisories: RHSA-2015:0991
http://rhn.redhat.com/errata/RHSA-2015-0991.html
http://www.securitytracker.com/id/1032791
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
