Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8830
Synopsis
The remote web server is missing an Apache Tomcat patch update.
Description
Apache Tomcat 6.x before 6.0.44 is affected by multiple vulnerabilities:
- A flaw in handling an aborted file upload after it has partially been completed may allow a remote attacker to exhaust available memory resources. (CVE-2014-0230)
- A flaw when handling expression language may allow an attacker to bypass the security manager protection. (CVE-2014-7810)
Solution
Update to Apache Tomcat version 6.0.44 or later.