Debian DSA-2401-1: Remote Vulnerabilities in Tomcat6 and Mitigations
debian
February 2, 2012
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
Topics Covered
Summary
Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine:
CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
The HTTP Digest Access Authentication implementation performed
insufficient countermeasures against replay attacks.
CVE-2011-2204
In rare setups passwords were written into a logfile.
CVE-2011-2526
Missing input sanisiting in the HTTP APR or HTTP NIO connectors could lead to denial of service.
CVE-2011-3190
AJP requests could be spoofed in some setups.
CVE-2011-3375
Incorrect request caching could lead to information disclosure.
CVE-2011-4858 CVE-2012-0022
This update adds countermeasures against a collision denial of
service vulnerability in the Java hashtable implementation and
addresses denial of service potentials when processing large
amounts of requests.
Additional information can be
found at https://tomcat.apache.org/security-6.html
For the stable distribution (squeeze), this problem has been fixed in
version 6.0.35-1+squeeze2.
...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: tomcat6
CVE ID: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!