AVG-84

Package tomcat6
Status Fixed
Severity High
Type multiple issues
Affected 6.0.47-1
Fixed 6.0.48-1
Current Removed
Ticket None
Created Wed Nov 23 12:23:03 2016
Issue Severity Remote Type Description
CVE-2016-8735 High Yes Arbitrary code execution
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener...
CVE-2016-6816 Medium Yes Information disclosure
The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the...
Date Advisory Package Description
23 Nov 2016 ASA-201611-22 tomcat6 multiple issues
References
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48