CentOS Update For Tomcat5 CESA-2011:0336 Centos5 X86_64 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.

Affected

tomcat5 on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4476
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1625 (expat)
CentOS Security Advisory CESA-2009:0020-01 (bind)
CentOS Security Advisory CESA-2009:0437 (seamonkey)
CentOS Security Advisory CESA-2009:1082 (cups)
CentOS Security Advisory CESA-2009:1484 (postgresql)

CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64

Take action and discover your vulnerabilities