SynopsisThe remote web server is missing an Apache Tomcat patch update.
DescriptionApache Tomcat 7.0.x before 7.0.55 or 8.0.x before 8.0.9 is affected by multiple vulnerabilities:
- A flaw in handling attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service by streaming data with malformed chunked transfer coding. (CVE-2014-0227)
- A flaw in handling an aborted file upload after it has partially been completed may allow a remote attacker to exhaust available memory resources. (CVE-2014-0230)
SolutionUpdate to Apache Tomcat version 7.0.55 or 8.0.9 or later.