Package        : tomcat6
Version        : 6.0.41-2+squeeze7
CVE ID         : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810
Debian Bug     : 787010 785312 785316

The following vulnerabilities were found in Apache Tomcat 6:

CVE-2014-0227

    The Tomcat security team identified that it was possible to conduct
    HTTP request smuggling attacks or cause a DoS by streaming malformed
    data.

CVE-2014-0230

    AntBean@secdig, from the Baidu Security Team, disclosed that it was
    possible to cause a limited DoS attack by feeding data by aborting an
    upload.

CVE-2014-7810

    The Tomcat security team identified that malicious web applications
    could bypass the Security Manager by the use of expression language.

For Debian 6 "Squeeze", these issues have been fixed in tomcat6 version
6.0.41-2+squeeze7.