Feeds

Apache issues Tomcat patches

Versions 6, 7 and 8 contain bugs

Choosing a cloud hosting partner with confidence

Apache has patched a series of low-level bugs in Tomcat that allowed attackers to launch denial of service and bypass file access restrictions.

The vulnerabilities affected versions six, seven and eight of the popular open source web server. They were discovered from February to April and patched late May.

One of the information disclosure affecting version six (CVE-2014-0096) allowed a malicious web app to bypass file access constraints under certain conditions:

The default servlet allows web applications to define (at multiple levels) an XSLT to be used to format a directory listing. When running under a security manager, the processing of these was not subject to the same constraints as the web application. This enabled a malicious web application to bypass the file access constraints imposed by the security manager via the use of external XML entities.

One of the DoS bugs (CVE-2014-0075) was reported by Brisbane-based RedHat security engineer David Jorm and allowed attackers to send unlimited amounts of data to be sent to the server via a malformed chunk.

Users should upgrade to the latest versions to protect against the disclosures and vulnerabilities. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.