DSA-2401-1 tomcat6 -- several vulnerabilities

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: August 31, 2011
Added: January 28, 2013
Modified: March 19, 2014

Description

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Solution

Upgrade all packages built against source package tomcat6.

Use `apt-get install` to upgrade any installed packages from this list:

  • libservlet2.4-java
  • libservlet2.5-java
  • libservlet2.5-java-doc
  • libtomcat6-java
  • tomcat6
  • tomcat6-admin
  • tomcat6-common
  • tomcat6-docs
  • tomcat6-examples
  • tomcat6-extras
  • tomcat6-user