Test ID: 1.3.6.1.4.1.25623.1.0.882188
Category: CentOS Local Security Checks
Title: CentOS Update for tomcat CESA-2015:0983 centos7
Summary: Check the version of tomcat
Description:

Vulnerability Insight:
Apache Tomcat is a servlet container for
the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as a new request, or cause a denial of
service. (CVE-2014-0227)

All Tomcat 7 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the tomcat service will be restarted automatically.

Affected Software/OS:
tomcat on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-0227
BugTraq ID: 72717
http://www.securityfocus.com/bid/72717
Bugtraq: 20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
Debian Security Information: DSA-3447
http://www.debian.org/security/2016/dsa-3447
Debian Security Information: DSA-3530
http://www.debian.org/security/2016/dsa-3530
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: HPSBUX03341
http://marc.info/?l=bugtraq&m=143393515412274&w=2
HPdes Security Advisory: SSRT102066
HPdes Security Advisory: SSRT102068
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0983
http://rhn.redhat.com/errata/RHSA-2015-0983.html
RedHat Security Advisories: RHSA-2015:0991
http://rhn.redhat.com/errata/RHSA-2015-0991.html
http://www.securitytracker.com/id/1032791
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
