tomcat6

Description Unknown
Version Removed

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-84 | 6.0.47-1 | 6.0.48-1 | High | Fixed |
AVG-51 | 6.0.45-1 | 6.0.47-1 | Medium | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2016-8735 | AVG-84 | High | Yes | Arbitrary code execution | The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using this listener...
CVE-2016-6816 | AVG-84 | Medium | Yes | Information disclosure | The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the...
CVE-2016-5388 | AVG-51 | Medium | Yes | Proxy injection | It was discovered that Tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which...

Advisories

Date | Advisory | Group | Severity | Type
02 Nov 2016 | ASA-201611-6 | AVG-51 | Medium | proxy injection
23 Nov 2016 | ASA-201611-22 | AVG-84 | High | multiple issues