Scientific Linux Security Update : tomcat6 on SL6.x i386/srpm/x86_64

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make
Tomcat process part of the request body as a new request, or cause a
denial of service. (CVE-2014-0227)
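
The behaviour the description says was missing, as an added example: a small Python model of a chunked-body decoder whose error state is sticky, so every read after the first malformed chunk also fails. This is not Tomcat's code; the class name, field names and the sample body are constructed for illustration.

```python
import io

class ChunkedBodyReader:
    def __init__(self, stream):
        self.stream = stream      # file-like object positioned at the body
        self.remaining = 0        # bytes left in the current chunk
        self.finished = False     # True after the zero-length last chunk
        self.error = False        # sticky: set once, never cleared

    def _fail(self, reason):
        self.error = True
        raise IOError("invalid chunked encoding: " + reason)

    def _read_chunk_size(self):
        line = self.stream.readline(64)
        if not line.endswith(b"\r\n"):
            self._fail("chunk header not terminated by CRLF")
        field = line[:-2].split(b";", 1)[0].strip()   # drop chunk extensions
        if not field or any(c not in b"0123456789abcdefABCDEF" for c in field):
            self._fail("chunk size is not hexadecimal")
        return int(field, 16)

    def read(self, n=4096):
        # After one failure every later read fails too, so the bytes that
        # follow a malformed chunk are never handed on as body or request.
        if self.error:
            raise IOError("chunked body already failed; refusing further reads")
        if self.finished:
            return b""
        if self.remaining == 0:
            self.remaining = self._read_chunk_size()
            if self.remaining == 0:
                # Last chunk; this sketch does not accept trailer headers.
                if self.stream.readline(64) != b"\r\n":
                    self._fail("bad terminator after last chunk")
                self.finished = True
                return b""
        data = self.stream.read(min(n, self.remaining))
        if not data:
            self._fail("truncated chunk")
        self.remaining -= len(data)
        if self.remaining == 0 and self.stream.read(2) != b"\r\n":
            self._fail("chunk data not followed by CRLF")
        return data

# Constructed sample body: one valid chunk, then a malformed size line.
SAMPLE = b"5\r\nhello\r\nZZ\r\nleftover-bytes\r\n0\r\n\r\n"
```

Reading `SAMPLE` through the class returns `b"hello"` once and then raises on each further call. A connection handler built on it should also close the connection when `error` is set instead of parsing the remaining bytes.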

This update also fixes the following bug :

- Before this update, the tomcat6 init script did not try
to kill the tomcat process if an attempt to stop it was
unsuccessful, which would prevent tomcat from restarting
properly. The init script was modified to correct this
issue.

Tomcat must be restarted for this update to take effect.

See also :

http://www.nessus.org/u?41da8f8e

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 83455

Bugtraq ID:

CVE ID: CVE-2014-0227
