
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2015:1565-1)
Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the SUSE-SU-2015:1565-1 advisory.

Vulnerability Insight:
This update for Tomcat fixes the following security issues:
- CVE-2014-7810: Security manager bypass via EL expressions. (bsc#931442)
It was found that the expression language resolver evaluated expressions
within a privileged code section. A malicious web application could have
used this flaw to bypass security manager protections.
- CVE-2014-0227: Limited DoS in chunked transfer encoding input filter.
(bsc#917127) It was discovered that the ChunkedInputFilter
implementation did not fail subsequent attempts to read input early
enough. A remote attacker could have used this flaw to perform a denial
of service attack, by streaming an unlimited quantity of data, leading
to consumption of server resources.
- CVE-2014-0230: Non-persistent DoS attack by feeding data by aborting an
upload. It was possible for a remote attacker to trigger a non-persistent
DoS attack by feeding data by aborting an upload. (bsc#926762)
Additionally, the following non-security issues have been fixed:
- Fix rights of all files within /usr/share/tomcat6/bin. (bsc#906152)
- Don't overwrite /var/run/ when Tomcat is already running.
- Miscellaneous fixes and improvements to Tomcat's init script.

Affected Software/OS:
'tomcat6' package(s) on SUSE Linux Enterprise Server 11-SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0227
BugTraq ID: 72717
Bugtraq: 20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
Debian Security Information: DSA-3447
Debian Security Information: DSA-3530
HPdes Security Advisory: HPSBUX03337
HPdes Security Advisory: HPSBUX03341
HPdes Security Advisory: SSRT102066
HPdes Security Advisory: SSRT102068
RedHat Security Advisories: RHSA-2015:0675
RedHat Security Advisories: RHSA-2015:0720
RedHat Security Advisories: RHSA-2015:0765
RedHat Security Advisories: RHSA-2015:0983
RedHat Security Advisories: RHSA-2015:0991
Common Vulnerability Exposure (CVE) ID: CVE-2014-0230
BugTraq ID: 74475
HPdes Security Advisory: HPSBOV03503
HPdes Security Advisory: HPSBUX03561
RedHat Security Advisories: RHSA-2015:1621
RedHat Security Advisories: RHSA-2015:1622
RedHat Security Advisories: RHSA-2015:2659
RedHat Security Advisories: RHSA-2015:2660
RedHat Security Advisories: RHSA-2015:2661
RedHat Security Advisories: RHSA-2016:0595
RedHat Security Advisories: RHSA-2016:0596
RedHat Security Advisories: RHSA-2016:0597
RedHat Security Advisories: RHSA-2016:0598
RedHat Security Advisories: RHSA-2016:0599
Common Vulnerability Exposure (CVE) ID: CVE-2014-7810
BugTraq ID: 74665
Debian Security Information: DSA-3428
RedHat Security Advisories: RHSA-2016:0492
RedHat Security Advisories: RHSA-2016:2046
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.