Several security issues were fixed in Tomcat.
Software Description:
- tomcat6: Servlet and JSP engine
Details:
It was discovered that the Tomcat realm implementations incorrectly handled
passwords when a username didn't exist. A remote attacker could possibly
use this issue to enumerate usernames. (CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly
limited use of a certain utility method. A malicious application could
possibly use this to bypass Security Manager restrictions. (CVE-2016-5018)
It was discovered that Tomcat incorrectly controlled reading system
properties. A malicious application could possibly use this to bypass
Security Manager restrictions. (CVE-2016-6794)
It was discovered that Tomcat incorrectly controlled certain configuration
parameters. A malicious application could possibly use this to bypass
Security Manager restrictions. (CVE-2016-6796)
It was discovered that Tomcat incorrectly limited access to global JNDI
resources....
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libservlet2.5-java 6.0.45+dfsg-1ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4557-1
CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796,
CVE-2016-6797, CVE-2016-6816, CVE-2016-8735
Get the latest Linux and open source security news straight to your inbox.