Solution
Please Install the Updated Packages.
Insight
David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. (CVE-2014-0075)
It was discovered that Tomcat did not properly restrict XSLT stylesheets.
An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. (CVE-2014-0096)
It was discovered that Tomcat incorrectly handled certain Content-Length headers. A remote attacker could use this flaw in configurations where Tomcat is behind a reverse proxy to perform HTTP request smuggling attacks.
(CVE-2014-0099)
Affected
tomcat7 on Ubuntu 14.04 LTS ,
Ubuntu 12.04 LTS ,
Ubuntu 10.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0075, CVE-2014-0096, CVE-2014-0099 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities