Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.
812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e
Debian Linux Security Advisory 2897-1 - Multiple security issues were found in the Tomcat servlet and JSP engine.
2b66a4a8295291756dace91cbeeb0f72ed10e5069d62d5a8388c8a95212581eb
HP Security Bulletin HPSBMU02966 - A potential security vulnerability has been identified with HP Operations Orchestration. The vulnerability could be exploited to gain unauthorized access to information. Revision 1 of this advisory.
32d365b078cb65bcb4beceeac0ade27c68c83a77127c990b36aeb5f30104c0ba
Red Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
4d8adaa9bcaef993e656ec1d999154261c28702c77c144918b0a2f0f34812afd
Red Hat Security Advisory 2013-1011-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
cadd38f37fb1b46b32962ed1bb5969dfd435931e8d2d4a4d9dff2d5e6173a51c
Red Hat Security Advisory 2013-1012-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
35427631191e8b8a15c2ccf348534c44c88f0f64d52cc8050a784c8592125f6c
Ubuntu Security Notice 1841-1 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.
b002a0a0604129aab3c01f6d632495573ac355189b6d1b38e345b90d003d572a
There was a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw RuntimeExceptions. The issue was fixed by catching the RuntimeExceptions. Apache Tomcat versions 7.0.0 through 7.0.39 are affected.
cde648eb3c646ccc296e6a2d348bb89e68c2c0471e19b83178341c84734cf58f