This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make
Tomcat process part of the request body as new request, or cause a
denial of service. (CVE-2014-0227)
This update also fixes the following bug :
- Before this update, the tomcat6 init script did not try
to kill the tomcat process if an attempt to stop it was
unsuccessful, which would prevent tomcat from restarting
properly. The init script was modified to correct this
Tomcat must be restarted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.4