SUSE-SU-2015:1565-1 -- SLES tomcat6 | ID: oval:org.secpod.oval:def:89045458 | Date: (C)2021-08-04 (M)2021-11-12 |
Class: PATCH | Family: unix |
This update for Tomcat fixes the following security issues:
- CVE-2014-7810: Security manager bypass via EL expressions. The expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections.
- CVE-2014-0227: Limited DoS in the chunked transfer encoding input filter. The ChunkedInputFilter implementation did not fail subsequent attempts to read input early enough. A remote attacker could use this flaw to perform a denial of service attack by streaming an unlimited quantity of data, leading to consumption of server resources.
- CVE-2014-0230: Non-persistent DoS attack by aborting an upload. A remote attacker could trigger a non-persistent denial of service by sending request body data and then aborting the upload, leaving the server to consume whatever the client chose to send.
Additionally, the following non-security issues have been fixed:
- Fix the permissions of all files within /usr/share/tomcat6/bin.
- Don't overwrite /var/run/tomcat6.pid when Tomcat is already running.
- Miscellaneous fixes and improvements to Tomcat's init script.
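Both denial-of-service entries above come down to how much of a request body the server is willing to read on the client's behalf, and whether it stops reading once the body is known to be bad. The Python sketch below is added here as an illustration; it is not Tomcat's code and not part of this advisory. It models a chunked-body drainer three ways: unbounded (the behaviour the CVEs describe), with a swallow limit that aborts the connection, and with fail-fast refusal of further reads after a parse error. The class and function names, the 8192-byte chunk size, the 1,000,000-byte limit and the sample bodies are constructed for the example.

```python
"""Toy model of bounded request-body swallowing for a chunked HTTP body.
Illustrative only; names and limits are assumptions, not Tomcat's implementation."""
import io


class BodyTooLarge(Exception):
    """Raised when the peer sends more body than the server agrees to discard."""


class ChunkedBodyDrainer:
    """Consumes a chunked request body the application never read.

    max_swallow=None reproduces the unbounded behaviour: the drainer keeps
    reading as long as the peer keeps sending.  With a limit it raises
    BodyTooLarge (i.e. the connection should be dropped) once discarding the
    next chunk would exceed the limit.  After any error the drainer refuses
    further reads instead of touching the stream again.
    """

    def __init__(self, stream, max_swallow=None):
        self.stream = stream          # anything with readline() and read(n)
        self.max_swallow = max_swallow
        self.swallowed = 0            # payload bytes discarded so far
        self.failed = False

    def drain(self):
        if self.failed:
            raise ValueError("stream already in error state; refusing to read")
        try:
            return self._drain()
        except Exception:
            self.failed = True        # fail fast on every later call
            raise

    def _drain(self):
        while True:
            size_line = self.stream.readline()
            if not size_line:
                raise ValueError("truncated chunked body")
            # chunk-size [; chunk-extension] CRLF ; only the hex size matters here
            size_field = size_line.split(b";", 1)[0].strip()
            try:
                size = int(size_field, 16)
            except ValueError:
                raise ValueError("invalid chunk-size line %r" % size_line)
            if size == 0:
                # last-chunk: consume optional trailer lines up to the blank line
                while self.stream.readline() not in (b"\r\n", b"\n", b""):
                    pass
                return self.swallowed
            # Check the advertised size before reading it, so a huge chunk
            # header cannot make us read past the limit even once.
            if self.max_swallow is not None and self.swallowed + size > self.max_swallow:
                raise BodyTooLarge("swallow limit %d exceeded" % self.max_swallow)
            data = self.stream.read(size)
            if len(data) != size:
                raise ValueError("truncated chunk data")
            if self.stream.readline() not in (b"\r\n", b"\n"):
                raise ValueError("missing CRLF after chunk data")
            self.swallowed += size


class EndlessChunkStream:
    """Constructed peer that keeps sending chunks and never sends the 0 chunk."""

    def __init__(self, chunk_size=8192):
        self.chunk_size = chunk_size
        self.served = 0               # bytes handed to the server so far
        self._pending = b""

    def _refill(self):
        self._pending += b"%x\r\n" % self.chunk_size + b"A" * self.chunk_size + b"\r\n"

    def readline(self):
        if b"\n" not in self._pending:
            self._refill()
        end = self._pending.index(b"\n") + 1
        line, self._pending = self._pending[:end], self._pending[end:]
        self.served += len(line)
        return line

    def read(self, n):
        while len(self._pending) < n:
            self._refill()
        data, self._pending = self._pending[:n], self._pending[n:]
        self.served += len(data)
        return data


def make_drainer(raw, max_swallow=None):
    """Drainer over a complete in-memory chunked body (constructed sample input)."""
    return ChunkedBodyDrainer(io.BytesIO(raw), max_swallow)


def drain_bytes(raw, max_swallow=None):
    """Return the payload size of a well-formed in-memory chunked body."""
    return make_drainer(raw, max_swallow).drain()


def drain_endless_peer(max_swallow, chunk_size=8192):
    """Drain a never-ending peer; returns (payload swallowed, bytes served, aborted).
    Never call this with max_swallow=None: that is the unbounded case and loops forever."""
    peer = EndlessChunkStream(chunk_size)
    drainer = ChunkedBodyDrainer(peer, max_swallow)
    try:
        drainer.drain()
        return drainer.swallowed, peer.served, False
    except BodyTooLarge:
        return drainer.swallowed, peer.served, True


def drain_twice_after_error(raw):
    """Return the error messages of two successive drain() calls on a bad body,
    showing that the second call is refused without reading the stream."""
    drainer = make_drainer(raw)
    messages = []
    for _ in range(2):
        try:
            drainer.drain()
            messages.append(None)
        except ValueError as exc:
            messages.append(str(exc))
    return messages


if __name__ == "__main__":
    print(drain_bytes(b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"))
    print(drain_endless_peer(max_swallow=1_000_000))
    print(drain_twice_after_error(b"zz\r\nabc\r\n0\r\n\r\n"))
```

With the limit in place the server gives up after roughly one megabyte no matter how long the attacker keeps streaming, and a malformed chunk header poisons the drainer so that nothing further is read from that connection. On the Tomcat side the equivalent control is the HTTP connector's maxSwallowSize attribute, introduced with the 6.0.x fix for CVE-2014-0230; this page does not list it, so confirm it against the connector documentation for the patched package version before relying on it.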
Platform: SUSE Linux Enterprise Server 11 SP4 |