RedHat Update For Tomcat5 RHSA-2011:0336-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.

Affected

tomcat5 on Red Hat Enterprise Linux (v. 5 server)

References

https://www.redhat.com/archives/rhsa-announce/2011-March/msg00020.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4476

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:1651
RedHat Security Advisory RHSA-2009:1083
RedHat Security Advisory RHSA-2009:0361
RedHat Security Advisory RHSA-2009:0013
RedHat Security Advisory RHSA-2009:0474

RedHat Update for tomcat5 RHSA-2011:0336-01

Take action and discover your vulnerabilities