PROBLEM:
Ubuntu update for tomcat6
PLATFORM:
Ubuntu Linux 10.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04
ABSTRACT:
Several security issues were fixed in Apache Tomcat.
REFERENCE LINKS:
Ubuntu Security Notice USN-1637-1
Apache Tomcat Security Updates
Secunia Advisory SA51371
CVE-2012-2733
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887
IMPACT ASSESSMENT:
Medium
DISCUSSION:
It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733)
It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)
IMPACT:
Malicious people can bypass certain security restrictions and cause a DoS.
SOLUTION:
The problem can be corrected by applying updated packages.