Description
ELSA-2014-0827: tomcat security update (MODERATE)
[0:7.0.42-6]
- Resolves: CVE-2014-0099 Fix possible overflow when parsing long values from byte array
- Resolves: CVE-2014-0096 Information disclosure process XSLT files not subject to same constraint running under java security manager
- Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
Updated packages
Oracle Linux 7
Oracle Linux x86_64
tomcat                  7.0.42-6.el7_0
tomcat-admin-webapps    7.0.42-6.el7_0
tomcat-docs-webapp      7.0.42-6.el7_0
tomcat-el-2.2-api       7.0.42-6.el7_0
tomcat-javadoc          7.0.42-6.el7_0
tomcat-jsp-2.2-api      7.0.42-6.el7_0
tomcat-jsvc             7.0.42-6.el7_0
tomcat-lib              7.0.42-6.el7_0
tomcat-servlet-3.0-api  7.0.42-6.el7_0
tomcat-webapps          7.0.42-6.el7_0
Related CVEs
Related vulnerabilities
ELSA-2014-0865: tomcat6 security and bug fix update (MODERATE)
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.