tomcat (SL7)

Synopsis: Moderate: tomcat security update
Advisory ID: SLSA-2014:0827-1
Issue Date: 2014-07-02
CVE Numbers: CVE-2014-0075, CVE-2014-0096, CVE-2014-0099

It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by
streaming an unlimited quantity of data, leading to excessive consumption
of server resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server
located behind a reverse proxy that processed the content length header
correctly. (CVE-2014-0099)
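The two parsing defects above, as an added illustration that is not Tomcat's code: a minimal parser for a Content-Length value and a chunk-size line, with an emulation of an unchecked fixed-width parse that shows how a large decimal string wraps to a small number (the condition behind the smuggling issue), and a digit-count cap that bounds a chunk size before any arithmetic. The limits MAX_CHUNK_HEX_DIGITS and MAX_CONTENT_LENGTH are this example's own assumptions, not Tomcat's constants.

```python
# Added example, not Tomcat's code. Limits are assumptions of this example.
MAX_CHUNK_HEX_DIGITS = 8        # assumed: a chunk size must fit in 32 bits
MAX_CONTENT_LENGTH = 2**63 - 1  # assumed: a body length fits a signed 64-bit int


class BadRequest(ValueError):
    """The value must be rejected (HTTP 400), never guessed at."""


def unchecked_parse(digits: str, bits: int = 64) -> int:
    """Emulate a parser that accumulates into a fixed-width signed integer
    with no overflow check. Only here to show why such a value cannot be
    trusted: a large decimal string silently wraps to a small number."""
    value = 0
    for ch in digits:
        value = (value * 10 + (ord(ch) - ord("0"))) & ((1 << bits) - 1)
    return value - (1 << bits) if value >= (1 << (bits - 1)) else value


def parse_content_length(value: str) -> int:
    """Parse a Content-Length field value: plain ASCII digits only (str.isdigit
    would also accept non-ASCII digits), compared against the cap using
    arbitrary-precision arithmetic, so no wrap is possible."""
    digits = value.strip(" \t")
    if not digits or not all("0" <= c <= "9" for c in digits):
        raise BadRequest("Content-Length is not a decimal number")
    length = int(digits)
    if length > MAX_CONTENT_LENGTH:
        raise BadRequest("Content-Length exceeds the configured maximum")
    return length


def parse_chunk_size(line: str) -> int:
    """Parse one chunk-size line of a chunked body ('1a;ext=val\\r\\n'),
    capping the number of hex digits so the size is bounded before any
    arithmetic and a peer cannot keep the server reading indefinitely."""
    size_part = line.rstrip("\r\n").split(";", 1)[0].strip(" \t")
    if not size_part or any(c not in "0123456789abcdefABCDEF" for c in size_part):
        raise BadRequest("chunk size is not hexadecimal")
    if len(size_part) > MAX_CHUNK_HEX_DIGITS:
        raise BadRequest("chunk size has too many digits")
    return int(size_part, 16)


def rejects(parser, value: str) -> bool:
    """True if the parser refuses the value with BadRequest."""
    try:
        parser(value)
    except BadRequest:
        return True
    return False
```

A front-end proxy that parses the full value and a back-end that wraps it will disagree about where the body ends; rejecting non-digit or over-limit values on both sides removes that disagreement.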

It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)

Tomcat must be restarted for this update to take effect.

– Scientific Linux Development Team