[ MDVSA-2015:052 ] tomcat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:052
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : tomcat
 Date    : March 3, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated tomcat packages fix security vulnerabilities:
 
 Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP
 connector is used, does not properly handle certain inconsistent HTTP
 request headers, which allows remote attackers to trigger incorrect
 identification of a request's length and conduct request-smuggling
 attacks via (1) multiple Content-Length headers or (2) a Content-Length
 header and a Transfer-Encoding: chunked header (CVE-2013-4286).
 
 Apache Tomcat 7.x before 7.0.50 processes chunked transfer codi

Leave a Reply