tomcat: multiple vulnerabilities

Package(s): tomcat6
CVE #(s): CVE-2010-3718 CVE-2011-0013 CVE-2011-0534
Created: February 14, 2011
Updated: October 20, 2011
Description: From the Debian advisory:

It was discovered that the SecurityManager insufficiently restricted the working directory. (CVE-2010-3718)

It was discovered that the HTML manager interface is affected by cross-site scripting. (CVE-2011-0013)

It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service. (CVE-2011-0534)

Alerts:
CentOS CESA-2011:1845 2011-12-20
Oracle ELSA-2011-1845 2011-12-20
Scientific Linux SL-tomc-20111220 2011-12-20
Red Hat RHSA-2011:1845-01 2011-12-20
Fedora FEDORA-2011-13457 2011-09-29
SUSE SUSE-SR:2011:005 2011-04-01
Ubuntu USN-1097-1 2011-03-29
Red Hat RHSA-2011:0791-01 2011-05-19
Red Hat RHSA-2011:0335-01 2011-03-09
openSUSE openSUSE-SU-2011:0146-1 2011-03-02
Mandriva MDVSA-2011:030 2011-02-18
Debian DSA-2160-1 2011-02-13
Oracle ELSA-2012-0474 2012-04-12
Gentoo 201206-24 2012-06-24

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.