Scientific Linux Security Update : tomcat on SL7.x (noarch) (20150512)
medium Nessus Plugin ID 83456
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 2.5
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227)After installing this update, the tomcat service will be restarted automatically.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 83456
File Name: sl_20150512_tomcat_on_SL7_x.nasl
Version: 2.7
Type: local
Agent: unix
Published: 5/14/2015
Updated: 1/14/2021
Dependencies: ssh_get_info.nasl
Risk Information
Risk Factor: Medium
VPR Score: 2.5
CVSS v2.0
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:tomcat, p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps, p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp, p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api, p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc, p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api, p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc, p-cpe:/a:fermilab:scientific_linux:tomcat-lib, p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api, p-cpe:/a:fermilab:scientific_linux:tomcat-webapps, x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 5/12/2015
Vulnerability Publication Date: 2/16/2015
Reference Information
CVE: CVE-2014-0227