[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down

Launchpad Bug Tracker Tue, 29 Mar 2011 10:17:27 -0700

This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.7

---------------
tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low


  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534
 -- Marc Deslauriers <[email protected]>   Thu, 24 Mar 2011 11:08:39 
-0400

** Changed in: tomcat6 (Ubuntu Karmic)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/714239

Title:
  Tomcat6 version below 6.0.32 can be easily brought down

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down

Reply via email to