tomcat6
| Description | Unknown |
| Version | Removed |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-84 | 6.0.47-1 | 6.0.48-1 | High | Fixed | |
| AVG-51 | 6.0.45-1 | 6.0.47-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2016-8735 | AVG-84 | High | Yes | Arbitrary code execution | The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener... |
| CVE-2016-6816 | AVG-84 | Medium | Yes | Information disclosure | The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the... |
| CVE-2016-5388 | AVG-51 | Medium | Yes | Proxy injection | It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 02 Nov 2016 | ASA-201611-6 | AVG-51 | Medium | proxy injection |
| 23 Nov 2016 | ASA-201611-22 | AVG-84 | High | multiple issues |