SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionVersions of Tomcat 7.0.x earlier than 7.0.19 are potentially affected by multiple vulnerabilities :
- An issue exists in the error handling related to the MemoryUserDatabase that allows user passwords to be disclosed through log files. (CVE-2011-2204)
- An input validation issue exists that allows a local attacker to either bypass security or carry out denial of service attacks when the APR or NIO connectors are enabled. (CVE-2011-2526)
SolutionUpgrade to Apache Tomcat 7.0.19 or later.