Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities
Medium Log Correlation Engine Plugin ID 800783
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
Versions earlier than Apache Tomcat 6.0.37 are potentially affected by multiple vulnerabilities:
- An error exists related to chunked transfer encoding and extensions that could allow limited denial of service attacks. (CVE-2012-3544)
- An error exists related to HTML form authentication and session fixation that could allow an attacker to carry out requests using a victim's credentials. (CVE-2013-2067)
Solution
Upgrade to Apache Tomcat 6.0.37 or later.