DSA-2160-1 tomcat6 -- several
ID: oval:org.secpod.oval:def:600186 | Date: (C)2011-03-10 (M)2023-11-09 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine:

CVE-2010-3718: It was discovered that the SecurityManager insufficiently restricted the working directory.

CVE-2011-0013: It was discovered that the HTML manager interface is affected by cross-site scripting.

CVE-2011-0534: It was discovered that the NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service.

The oldstable distribution is not affected by these issues.