Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 6832
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
Versions of Apache Tomcat earlier than 6.0.37 are potentially affected by multiple vulnerabilities:
- An error exists related to chunked transfer encoding and extensions that could allow limited denial of service attacks. (CVE-2012-3544)
- An error exists related to HTML form authentication and session fixation that could allow an attacker to carry out requests using a victim's credentials. (CVE-2013-2067)
Solution
Upgrade to Apache Tomcat 6.0.37 or later.