[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CVE-2014-0097 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The code used to parse the request content length header did not che

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define (at multiple l

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service

2014-05-27 Thread Mark Thomas
CVE-2014-0075 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: It was possible to craft a malformed chunk size as part of a chucked requ

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service

2014-05-27 Thread Mark Thomas
CVE-2014-0095 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC2 to 8.0.3 Description: A regression was introduced in revision 1519838 that caused AJP requests to hang if an explicit content length of zero was set on the re

Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CORRECTION: This is CVE-2014-0099 *NOT* -0097 Apologies for the typo On 27/05/2014 13:46, Mark Thomas wrote: > CVE-2014-0099 Information Disclosure > > Severity: Important > > Vendor: The Apache Software Foundation > > Versions Affected: > - Apache Tomcat 8.0.0-RC1 to 8.0.3 > - Apac

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CVE-2014-0119 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.5 - Apache Tomcat 7.0.0 to 7.0.53 - Apache Tomcat 6.0.0 to 6.0.39 Description: In limited circumstances it was possible for a malicious web applica