Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-0865

Опубликовано: 09 июл. 2014
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2014-0865: tomcat6 security and bug fix update (MODERATE)

[0:6.0.24-72]

  • Related: CVE-2014-0075 - rebuild to generate javadoc
  • correctly. previous build generated 0-length javadoc

[0:6.0.24-69]

  • Related: CVE-2014-0075 incomplete

[0:6.0.24-68]

  • Related: CVE-2013-4322. arches needs to be specified
  • as in arches noarch, so docs/webapps will produce
  • full files. building for ppc will generate empty
  • javadoc.

[0:6.0.24-67]

  • Related: CVE-2014-0050
  • Related: CVE-2013-4322

[0:6.0.24-66]

  • Resolves: CVE-2014-0099
  • Resolves: CVE-2014-0096
  • Resolves: CVE-2014-0075

[0:6.0.24-65]

  • Related: CVE-2014-0050 copy paste error

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

tomcat6

6.0.24-72.el6_5

tomcat6-admin-webapps

6.0.24-72.el6_5

tomcat6-docs-webapp

6.0.24-72.el6_5

tomcat6-el-2.1-api

6.0.24-72.el6_5

tomcat6-javadoc

6.0.24-72.el6_5

tomcat6-jsp-2.1-api

6.0.24-72.el6_5

tomcat6-lib

6.0.24-72.el6_5

tomcat6-servlet-2.5-api

6.0.24-72.el6_5

tomcat6-webapps

6.0.24-72.el6_5

Oracle Linux i686

tomcat6

6.0.24-72.el6_5

tomcat6-admin-webapps

6.0.24-72.el6_5

tomcat6-docs-webapp

6.0.24-72.el6_5

tomcat6-el-2.1-api

6.0.24-72.el6_5

tomcat6-javadoc

6.0.24-72.el6_5

tomcat6-jsp-2.1-api

6.0.24-72.el6_5

tomcat6-lib

6.0.24-72.el6_5

tomcat6-servlet-2.5-api

6.0.24-72.el6_5

tomcat6-webapps

6.0.24-72.el6_5

Связанные CVE

CVE-2014-0096
CVE-2014-0075
CVE-2014-0099

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2014-0827

oracle-oval
почти 11 лет назад

ELSA-2014-0827: tomcat security update (MODERATE)

ubuntu логотип

CVE-2014-0096

ubuntu
около 11 лет назад

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

redhat логотип

CVE-2014-0096

redhat
около 11 лет назад

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

nvd логотип

CVE-2014-0096

nvd
около 11 лет назад

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

debian логотип

CVE-2014-0096

debian
около 11 лет назад

java/org/apache/catalina/servlets/DefaultServlet.java in the default s ...

Уязвимость ELSA-2014-0865