Advisories ยป MGASA-2014-0268

Updated tomcat and tomcat6 packages fix security vulnerabilities

Publication date: 19 Jun 2014
Modification date: 19 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0075 , CVE-2014-0096 , CVE-2014-0099 , CVE-2014-0119

Description

Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache
Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause
a denial of service (resource consumption) via a malformed chunk size in
chunked transfer coding of a request during the streaming of data
(CVE-2014-0075).

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet
in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly
restrict XSLT stylesheets, which allows remote attackers to bypass
security-manager restrictions and read arbitrary files via a crafted web
application that provides an XML external entity declaration in conjunction
with an entity reference, related to an XML External Entity (XXE) issue
(CVE-2014-0096).

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache
Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse
proxy, allows remote attackers to conduct HTTP request smuggling attacks via
a crafted Content-Length HTTP header (CVE-2014-0099).

Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly
constrain the class loader that accesses the XML parser used with an XSLT
stylesheet, which allows remote attackers to read arbitrary files via a
crafted web application that provides an XML external entity declaration in
conjunction with an entity reference, related to an XML External Entity
(XXE) issue, or read files associated with different web applications on a
single Tomcat instance via a crafted web application (CVE-2014-0119).

References

SRPMS

3/core

4/core