icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is affected by multiple vunerabilities.

Description

Versions earlier than Apache Tomcat 6.0.37 are potentially affected by multiple vulnerabilities :

- An error exists related to chunked transfer encoding and extensions that could allow limited denial of service attacks. (CVE-2012-3544)

- An error exists related to HTML form authentication and session fixation that could allow an attacker to carry out requests using a victim's credentials. (CVE-2013-2067)

Solution

Upgrade to Apache Tomcat 6.0.37 or later.