- Vulnerability/
- RHSA-2017:3080
RHSA-2017:3080: Important: tomcat6 security update
First published: Sun Oct 29 2017(Updated: )
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.<br>Security Fix(es):<br><li> A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)</li> <li> A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)</li> <li> Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tomcat6 | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
| redhat/tomcat6 | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
| redhat/tomcat6-admin-webapps | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
| redhat/tomcat6-docs-webapp | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
| redhat/tomcat6-el | <2.1-api-6.0.24-111.el6_9 | 2.1-api-6.0.24-111.el6_9 |
| redhat/tomcat6-javadoc | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
| redhat/tomcat6-jsp | <2.1-api-6.0.24-111.el6_9 | 2.1-api-6.0.24-111.el6_9 |
| redhat/tomcat6-lib | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
| redhat/tomcat6-servlet | <2.5-api-6.0.24-111.el6_9 | 2.5-api-6.0.24-111.el6_9 |
| redhat/tomcat6-webapps | <6.0.24-111.el6_9 | 6.0.24-111.el6_9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1441205
- https://bugzilla.redhat.com/show_bug.cgi?id=1459158
- https://bugzilla.redhat.com/show_bug.cgi?id=1461851
- https://bugzilla.redhat.com/show_bug.cgi?id=1493220
- https://bugzilla.redhat.com/show_bug.cgi?id=1494283
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2017:3080 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2017:3080?
The severity of RHSA-2017:3080 is classified as important.
How do I fix RHSA-2017:3080?
To fix RHSA-2017:3080, update to the fixed version tomcat6-6.0.24-111.el6_9 or later.
What products are affected by RHSA-2017:3080?
RHSA-2017:3080 affects Apache Tomcat 6, specifically versions up to 6.0.24-111.el6_9.
What type of vulnerability is addressed in RHSA-2017:3080?
RHSA-2017:3080 addresses a vulnerability related to the handling of pipelined requests when using Sendfile in Tomcat.
Is there a workaround available for RHSA-2017:3080?
There is no recommended workaround for RHSA-2017:3080; the best course of action is to apply the provided updates.
- agent/severity
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/remedy
- agent/references
- agent/description
- agent/event
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2017:3080
- agent/software-canonical-lookup
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat