Apache Tomcat Security Exploits Fixed by Canonical

Three Ubuntu operating systems were affected by this problem

  Ubuntu 12.04 LTS desktop
On November 21, Canonical published details about Tomcat vulnerabilities for its Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

On November 21, Canonical published details about Tomcat vulnerabilities for its Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, several security issues were fixed in Apache Tomcat. It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data and DIGEST authentication.

A remote attacker could have caused a denial of service by sending requests with a large amount of header data, or could have used these flaws to perform a replay attack and bypass authentication.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest libtomcat6-java package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments