[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2016-656 ---- tomcat6

ID: oval:org.secpod.oval:def:1600331Date: (C)2016-05-19   (M)2023-12-14
Class: PATCHFamily: unix




It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made

Platform:
Amazon Linux AMI
Product:
tomcat6
Reference:
ALAS-2016-656
CVE-2014-7810
CVE-2014-0230
CVE    2
CVE-2014-7810
CVE-2014-0230
CPE    2
cpe:/o:amazon:linux
cpe:/a:apache:tomcat6

© SecPod Technologies