Description
ELSA-2014-1038: tomcat6 security update (LOW)
[0:6.0.24-78]
- Related: CVE-2013-4590 - remove xml schema names javaee_5, javaee_web_services_1_2, and javaee_web_services_1_2_client from descriptor.DigesterFactory initialization. These schema definitions are not relevant to 6.0.24 as the version of their spec did not exist at the time.
[0:6.0.24-77]
- Resolves: CVE-2014-0227
[0:6.0.24-76]
- Related: CVE-2013-4590 incrementing release. added excludearch to the spec file for ppc and ppc64. building on ppc produces empty javadoc files.
[0:6.0.24-74]
- Related: CVE-2013-4590 incrementing release
[0:6.0.24-73]
- Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119
Updated packages
Oracle Linux 6
Oracle Linux x86_64
tomcat6                  6.0.24-78.el6_5
tomcat6-admin-webapps    6.0.24-78.el6_5
tomcat6-docs-webapp      6.0.24-78.el6_5
tomcat6-el-2.1-api       6.0.24-78.el6_5
tomcat6-javadoc          6.0.24-78.el6_5
tomcat6-jsp-2.1-api      6.0.24-78.el6_5
tomcat6-lib              6.0.24-78.el6_5
tomcat6-servlet-2.5-api  6.0.24-78.el6_5
tomcat6-webapps          6.0.24-78.el6_5
Oracle Linux i686
tomcat6                  6.0.24-78.el6_5
tomcat6-admin-webapps    6.0.24-78.el6_5
tomcat6-docs-webapp      6.0.24-78.el6_5
tomcat6-el-2.1-api       6.0.24-78.el6_5
tomcat6-javadoc          6.0.24-78.el6_5
tomcat6-jsp-2.1-api      6.0.24-78.el6_5
tomcat6-lib              6.0.24-78.el6_5
tomcat6-servlet-2.5-api  6.0.24-78.el6_5
tomcat6-webapps          6.0.24-78.el6_5
Related CVEs
Related vulnerabilities
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.