Debian Linux Security Advisory 3530-1 - Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.
77795095ecabfbe0b7faeebcf56310cbe664e59cc59399f4ca8042fe47af5751Ubuntu Security Notice 2654-1 - It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
a174f8e325d9828914e2df7525e1cae37224c8bc3844309db620b32444e9b830Ubuntu Security Notice 2655-1 - It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Various other issues were also addressed.
b61abbda1322386d4a63d2565e2c7fe0a6030b7c311aa23adfc1d91d678321b9HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
754fae670041f7a697aa8004120dac15eb6d07f2889f1104112f7ee98c3f9f82HP Security Bulletin HPSBUX03341 SSRT102068 1 - Potential security vulnerabilities have been identified with the HP-UX Tomcat Servlet Engine. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
27c4a14678f484ed9939574e552c6be1866f9f3fde8c488f6d223027bfe42693Red Hat Security Advisory 2015-0983-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.
5fbf9d2bfdeb25eabe097cd11548f49289ce461d6279a5523453f1740bab084eRed Hat Security Advisory 2015-0991-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.
fbc2da9068ca45ea07b1c725a69c7635dc17156a875fe3366c804d1daa99ceb5Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
812ceadc9b7405e1b74c028dd9bff48d69f0ce6f109bef7f38161627f77360fbMandriva Linux Security Advisory 2015-084 - An updated tomcat package fixes multiple security vulnerabilities.
64e66ca878e099d017de20173c80aa4b21ef506d6441fa3365891cde5f40850eRed Hat Security Advisory 2015-0720-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
4ce89b92cfd48ba7281a739aa5bd977c0dd79177e1e4b9ae367ed1deba2659c9Red Hat Security Advisory 2015-0675-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. The release of Red Hat JBoss Data Virtualization 6.1.0 serves as a replacement for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
a75cda8ec63a5e546176c931f472dd7be9d8e3618cc45e5e9dc28e234143ba38Mandriva Linux Security Advisory 2015-052 - Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via a Content-Length header and a Transfer-Encoding: chunked header. Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. Various otehr issues have also been addressed.
97bbcd6d4926c538ddee85ad3d0f0b44d18269f0be80dd2f5d3003993c58a4a6Mandriva Linux Security Advisory 2015-053 - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service via a malformed chunk size in chunked transfer coding of a request during the streaming of data. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. Various other issues have also been addressed.
fe7dd525200711ca8beef5888a4d5fba2a1e6a655e7bc8d56fb1e925244aad4bRed Hat Security Advisory 2015-0235-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
f64f2ca65fbace1e4788ea16f69ecf599345eb34f981247acfbecdcca41d5401Red Hat Security Advisory 2015-0234-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
89d8125129242bfb26c8918f339b601f902009b742ed74af25c35427a3a89137It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.8, 7.0.0 to 7.0.54, and 6.0.0 to 6.0.41.
1d5c8ddaa301a84465f162621064c1f462babcfcfd8432c0855a0ca51ba0abd7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed