Multiple Tomcat vulnerabilities

21st July 2014

Date of First Release: 31-05-2014

Source: US-CERT/NIST

Systems Affected:

1: Tomcat before version 6.0.40
2: Tomcat 7.x before 7.0.54
3: Tomcat 8.x before 8.0.6

Description: java/org/apache/catalina/servlets/DefaultServlet.java does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a carefully crafted web application.

Impact: The vulnerability could cause unauthorized disclosure of information.

Solution: Updates

1: For Tomcat versions older than 6.0.40, visit http://tomcat.apache.org/security-6.html for updates.

2: For Tomcat versions older than 7.0.54, visit http://tomcat.apache.org/security-7.html for updates.

3: For Tomcat versions older than 8.0.6, visit http://tomcat.apache.org/security-8.html for updates.
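
A version check for the ranges listed above, as an added example that is not part of the original advisory: it parses the output of Tomcat's `version.sh` and reports whether the release is in an affected range and which update page applies. The function names and the sample output are constructed for illustration.

```python
import re

# First fixed release per branch and its update page, both taken from the advisory.
FIXED = {
    6: ((6, 0, 40), "http://tomcat.apache.org/security-6.html"),
    7: ((7, 0, 54), "http://tomcat.apache.org/security-7.html"),
    8: ((8, 0, 6), "http://tomcat.apache.org/security-8.html"),
}

# Matches "Apache Tomcat/7.0.53" or "Server number:  7.0.53.0" in version.sh output.
_VERSION_RE = re.compile(r"(?:Apache Tomcat/|Server number:\s*)(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from version.sh output."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no Tomcat version found in input")
    return tuple(int(part) for part in match.groups())


def check(text):
    """Return (version, affected, update_url); update_url is None when not affected."""
    version = parse_version(text)
    # "before version 6.0.40" also covers branches older than 6.x,
    # so those are compared against the 6.x entry.
    branch = max(version[0], 6)
    if branch not in FIXED:
        return version, False, None  # branch not listed in the advisory
    fixed, url = FIXED[branch]
    affected = version < fixed
    return version, affected, (url if affected else None)


# Constructed sample of version.sh output (not captured from a real host).
SAMPLE = """\
Server version: Apache Tomcat/7.0.53
Server built:   Mar 25 2014 06:20:16
Server number:  7.0.53.0
"""

if __name__ == "__main__":
    version, affected, url = check(SAMPLE)
    label = ".".join(str(part) for part in version)
    print(f"Tomcat {label}: " + (f"AFFECTED, see {url}" if affected else "not in an affected range"))
```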

References:

http://tomcat.apache.org/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0119
