Download
| Alert*
oval:org.secpod.oval:def:701296
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:1600155 It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw t ... oval:org.secpod.oval:def:107624 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:601073 Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerable ... oval:org.secpod.oval:def:14058 The host is installed with Apache Tomcat 6.x before 6.0.37 or 7.x before 7.0.30 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle chunk extensions in chunked transfer coding. Successful exploitation allows attackers to cause a denia ... |