Description
ELSA-2014-0686: tomcat security update (IMPORTANT)
[0:7.0.42-5]
- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.
Updated packages
Oracle Linux 7
Oracle Linux x86_64
- tomcat 7.0.42-5.el7_0
- tomcat-admin-webapps 7.0.42-5.el7_0
- tomcat-docs-webapp 7.0.42-5.el7_0
- tomcat-el-2.2-api 7.0.42-5.el7_0
- tomcat-javadoc 7.0.42-5.el7_0
- tomcat-jsp-2.2-api 7.0.42-5.el7_0
- tomcat-jsvc 7.0.42-5.el7_0
- tomcat-lib 7.0.42-5.el7_0
- tomcat-servlet-3.0-api 7.0.42-5.el7_0
- tomcat-webapps 7.0.42-5.el7_0
Related CVEs
Related vulnerabilities
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.