Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that Tomcat incorrectly handled certain requests
submitted using chunked transfer encoding. A remote attacker could use
this flaw to cause the Tomcat server to stop responding, resulting in
a denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 12.04 LTS. (CVE-2012-3544)
It was discovered that Tomcat incorrectly handled certain
authentication requests. A remote attacker could possibly use this
flaw to inject a request that would get executed with a victim's
credentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04
LTS, and Ubuntu 12.10. (CVE-2013-2067)
It was discovered that Tomcat sometimes exposed elements of a previous
request to the current request. This could allow a remote attacker to
possibly obtain sensitive information. This issue only affected Ubuntu
12.10 and Ubuntu 13.04. (CVE-2013-2071)
Update the affected libtomcat6-java and/or libtomcat7-java packages.
Risk factor: Medium
CVSS Base Score: 6.8
CVSS Temporal Score: 5.9
Public Exploit Available: true