Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities

High

Synopsis

The remote web server is missing an Apache Tomcat patch update.

Description

Apache Tomcat 6.x before 6.0.44 is affected by multiple vulnerabilities:

- A flaw in handling an aborted file upload after it has partially been completed may allow a remote attacker to exhaust available memory resources. (CVE-2014-0230)

- A flaw in the handling of expression language may allow an attacker to bypass the security manager protection. (CVE-2014-7810)

Solution

Update to Apache Tomcat version 6.0.44 or later.