Apache Tomcat 7.0.x < 7.0.55 / 8.0.x < 8.0.9 Multiple Vulnerabilities
Severity: High
Nessus Network Monitor Plugin ID 8831
Synopsis
The remote web server is missing an Apache Tomcat patch update.
Description
Apache Tomcat 7.0.x before 7.0.55 or 8.0.x before 8.0.9 is affected by multiple vulnerabilities:
- A flaw in handling attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service by streaming data with malformed chunked transfer coding. (CVE-2014-0227)
- A flaw in handling an aborted file upload after it has partially been completed may allow a remote attacker to exhaust available memory resources. (CVE-2014-0230)
Solution
Update to Apache Tomcat version 7.0.55 or 8.0.9 or later.