[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down
Launchpad Bug Tracker
714239 at bugs.launchpad.net
Tue Mar 29 17:06:54 UTC 2011
This bug was fixed in the package tomcat6 - 6.0.20-2ubuntu2.4
---------------
tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServletContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Thu, 24 Mar 2011 13:58:06 -0400
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.
https://bugs.launchpad.net/bugs/714239
Title:
Tomcat6 version below 6.0.32 can be easily brought down