V-032: Ubuntu update for tomcat6

November 23, 2012 - 3:30am

PROBLEM:

Ubuntu update for tomcat6

PLATFORM:

Ubuntu Linux 10.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

ABSTRACT:

Several security issues were fixed in Apache Tomcat.

REFERENCE LINKS:

Ubuntu Security Notice USN-1637-1
Apache Tomcat Security Updates
Secunia Advisory SA51371
CVE-2012-2733
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887

IMPACT ASSESSMENT:

Medium

DISCUSSION:

It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733)

It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

IMPACT:

Malicious people can bypass certain security restrictions and cause a DoS.

SOLUTION:

The problem can be corrected by applying updated packages.
