[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2017:3080-01 -- Redhat tomcat6

ID: oval:org.secpod.oval:def:502190Date: (C)2017-11-03   (M)2023-12-14
Class: PATCHFamily: unix




Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. * A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution

Platform:
Red Hat Enterprise Linux 6
Product:
tomcat6
Reference:
RHSA-2017:3080-01
CVE-2017-12615
CVE-2017-12617
CVE-2017-5647
CVE-2017-5664
CVE    4
CVE-2017-5664
CVE-2017-5647
CVE-2017-12615
CVE-2017-12617
...
CPE    2
cpe:/o:redhat:enterprise_linux:6
cpe:/a:apache:tomcat6

© SecPod Technologies