Tomcat 6 vulns

Print Friendly, PDF & Email

DSA 2401-1
Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine:

CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064

The HTTP Digest Access Authentication implementation performed
insufficient countermeasures against replay attacks.

CVE-2011-2204

In rare setups passwords were written into a logfile.

CVE-2011-2526

Missing input sanisiting in the HTTP APR or HTTP NIO connectors
could lead to denial of service.

CVE-2011-3190

AJP requests could be spoofed in some setups.

CVE-2011-3375

Incorrect request caching could lead to information disclosure.

CVE-2011-4858 CVE-2012-0022

This update adds countermeasures against a collision denial of
service vulnerability in the Java hashtable implementation and
addresses denial of service potentials when processing large
amounts of requests.

Additional information can be
found at http://tomcat.apache.org/security-6.html

ILRT servers will be updated next Tuesday morning.