Oracle Solaris Third-Party Patch Update : tomcat (cve_2011_3375_information_disclosure)
Medium Nessus Plugin ID 80789
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
SolutionUpgrade to Solaris 11/11 SRU 04.