Apache Tomcat: Multiple vulnerabilities

Apache Tomcat: Multiple vulnerabilities Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. tomcat 2014-12-15 2016-03-20 442014 469434 500600 511762 517630 519590 remote 7.0.56 6.0.41 6.0.42 6.0.43 6.0.44 6.0.45 6.0.46 6.0.47 6.0.48 7.0.56

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions.

There is no known workaround at this time.

All Tomcat 6.0.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"

All Tomcat 7.0.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"

CVE-2012-2733 CVE-2012-3544 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 CVE-2013-2067 CVE-2013-2071 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 CVE-2014-0050 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 craig ackle