HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.
89e81c1ac8b82e8cd63e41150737cbd9
HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.
2c9338f86cc4928d8dbc40a966e7becf
Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.
bbfac7a6ad2ab503ae26538e4d3ecc94
Ubuntu Security Notice 1097-1 - It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service.
883d28d29970a72cb2918786cf88c357
Debian Linux Security Advisory 2160-1 - Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine. It was discovered that the SecurityManager insufficiently restricted the working directory. It was discovered that the HTML manager interface is affected by cross-site scripting. It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service.
555b213646034e07dc9537004ba8c3da
Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.
cf333be8a534d8e8100eaef2213d881e