
Apache Tomcat 7.0.x < 7.0.55 / 8.0.x < 8.0.9 Multiple Vulnerabilities

High

Synopsis

The remote web server is missing an Apache Tomcat patch update.

Description

Apache Tomcat 7.0.x before 7.0.55 or 8.0.x before 8.0.9 is affected by multiple vulnerabilities:

- A flaw in handling attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service by streaming data with malformed chunked transfer coding. (CVE-2014-0227)

- A flaw in handling an aborted file upload after it has partially been completed may allow a remote attacker to exhaust available memory resources. (CVE-2014-0230)

Solution

Update to Apache Tomcat version 7.0.55 or 8.0.9 or later.