
Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

Versions of Tomcat 5.x earlier than 5.5.30 are potentially affected by multiple vulnerabilities:

- The 'WWW-Authenticate' HTTP header for BASIC and DIGEST authentication may expose the local host name or IP address of the machine running Tomcat. (CVE-2010-1157)

- Several flaws in the handling of the 'Transfer-Encoding' header could prevent the recycling of a buffer. (CVE-2010-2227)

- When running under a SecurityManager, it is possible for web applications to be granted read/write permissions to any area on the file system. (CVE-2010-3718)

Solution

Upgrade to Apache Tomcat 5.5.30 or later.
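As an added example (not part of this plugin or of Tomcat itself), a small Python check that flags a 5.5.x version below the 5.5.30 fix and a 'WWW-Authenticate' realm that carries a host address, the symptom described for CVE-2010-1157. The sample error page and header values are constructed, and the realm heuristic (an IPv4 address or dotted host name in the realm) is an assumption, not the plugin's own logic.

```python
import re
from typing import Optional, Tuple

# Fixed release named in the advisory: 5.5.x builds below it are affected.
FIXED_VERSION = (5, 5, 30)

# Constructed sample error page fragment: Tomcat's default error page prints
# the version in its footer, which is one place a scanner can read it.
SAMPLE_ERROR_PAGE = "<html><body><h3>Apache Tomcat/5.5.28</h3></body></html>"

# Constructed 401 header values: the first shows a realm that fell back to
# the host's IP, the second an explicitly configured realm.
SAMPLE_LEAKY_AUTH = 'Basic realm="192.0.2.7"'
SAMPLE_SAFE_AUTH = 'Basic realm="Intranet Portal"'


def parse_tomcat_version(page: str) -> Optional[Tuple[int, ...]]:
    """Extract the Tomcat version from a default error page as an int tuple."""
    m = re.search(r"Apache Tomcat/(\d+(?:\.\d+)*)", page)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True for 5.5.x releases older than 5.5.30 (numeric, not string, compare)."""
    return version[:2] == (5, 5) and version < FIXED_VERSION


# Heuristic (assumption): a realm holding an IPv4 address or a dotted host name
# is treated as the default realm leaking the host identity.
_REALM = re.compile(r'realm="([^"]*)"')
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
_HOST = re.compile(r"^[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")


def realm_leaks_host(www_authenticate: str) -> bool:
    """True when the WWW-Authenticate realm looks like an IP or host name."""
    m = _REALM.search(www_authenticate)
    if not m:
        return False
    realm = m.group(1)
    return bool(_IPV4.match(realm) or _HOST.match(realm))


if __name__ == "__main__":
    ver = parse_tomcat_version(SAMPLE_ERROR_PAGE)
    print("version", ver, "affected:", ver is not None and is_affected(ver))
    print("realm leaks host:", realm_leaks_host(SAMPLE_LEAKY_AUTH))
```

The numeric tuple comparison matters: a plain string compare would rank "5.5.9" above "5.5.30" and miss an affected build.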