Ubuntu
tomcat6 package

  1. Lucid (10.04)
  2. Bug #843701
  3. Comment #12

Comment 12 for bug 843701

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tomcat5.5 - 5.5.25-5ubuntu1.3

---------------
tomcat5.5 (5.5.25-5ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: Apache Tomcat Authentication bypass and information
    disclosure (LP: #843701).
   - connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java: Prevent AJP
     request forgery via unread request body packet - upstream patch from Mark
     Thomas
   - http://svn.apache.org/viewvc?view=revision&revision=1162960
   - CVE-2011-3190
 -- James Page <email address hidden> Mon, 26 Sep 2011 11:42:02 +0100