VDB
GCVE-110-MAGEIA-2014-82
GCVE-110-MAGEIA-2014-82
Advisory Published
Updated tomcat6 packages fix security vulnerabilities:
It was discovered that Tomcat incorrectly handled certain requests
submitted using chunked transfer encoding. A remote attacker could use this
flaw to cause the Tomcat server to stop responding, resulting in a denial
of service (CVE-2012-3544).
A frame injection in the Javadoc component in Oracle Java SE 7 Update 21
and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier;
JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect
integrity via unknown vectors related to Javadoc (CVE-2013-1571)
A flaw was found in the way the tomcat6 init script handled the
tomcat6-initd.log log file. A malicious web application deployed on Tomcat
could use this flaw to perform a symbolic link attack to change the
ownership of an arbitrary system file to that of the tomcat user, allowing
them to escalate their privileges to root (CVE-2013-1976).
It was discovered that Tomcat incorrectly handled certain authentication
requests. A remote attacker could possibly use this flaw to inject a
request that would get executed with a victim's credentials (CVE-2013-2067).
Note: With this update, tomcat6-initd.log has been moved from
/var/log/tomcat6/ to the /var/log/ directory.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kicad | 0 (affected), 20130725.bzr4024-2.1.mga4 (unaffected) | — |
| Mageia | tomcat6 | 6.0.39-1.1.mga3 (unaffected), 0 (affected), 0 (affected), 6.0.39-1.1.mga3 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.