Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-0429

Опубликовано: 23 апр. 2014
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2014-0429: tomcat6 security update (MODERATE)

[0:6.0.24-64]

  • Resolves: CVE-2014-0050

[0:6.0.24-63]

  • Resolves: CVE-2013-4322 CVE-2013-4286

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

tomcat6

6.0.24-64.el6_5

tomcat6-admin-webapps

6.0.24-64.el6_5

tomcat6-docs-webapp

6.0.24-64.el6_5

tomcat6-el-2.1-api

6.0.24-64.el6_5

tomcat6-javadoc

6.0.24-64.el6_5

tomcat6-jsp-2.1-api

6.0.24-64.el6_5

tomcat6-lib

6.0.24-64.el6_5

tomcat6-servlet-2.5-api

6.0.24-64.el6_5

tomcat6-webapps

6.0.24-64.el6_5

Oracle Linux i686

tomcat6

6.0.24-64.el6_5

tomcat6-admin-webapps

6.0.24-64.el6_5

tomcat6-docs-webapp

6.0.24-64.el6_5

tomcat6-el-2.1-api

6.0.24-64.el6_5

tomcat6-javadoc

6.0.24-64.el6_5

tomcat6-jsp-2.1-api

6.0.24-64.el6_5

tomcat6-lib

6.0.24-64.el6_5

tomcat6-servlet-2.5-api

6.0.24-64.el6_5

tomcat6-webapps

6.0.24-64.el6_5

Связанные CVE

CVE-2013-4286
CVE-2013-4322
CVE-2014-0050

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2014-0686

oracle-oval
почти 11 лет назад

ELSA-2014-0686: tomcat security update (IMPORTANT)

ubuntu логотип

CVE-2013-4286

ubuntu
больше 11 лет назад

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

redhat логотип

CVE-2013-4286

redhat
больше 11 лет назад

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

nvd логотип

CVE-2013-4286

nvd
больше 11 лет назад

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

debian логотип

CVE-2013-4286

debian
больше 11 лет назад

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-R ...