This bug was fixed in the package tomcat5.5 - 5.5.25-5ubuntu1.3
--------------- tomcat5.5 (5.5.25-5ubuntu1.3) hardy-security; urgency=low
* SECURITY UPDATE: Apache Tomcat Authentication bypass and information disclosure (LP: #843701). - connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java: Prevent AJP request forgery via unread request body packet - upstream patch from Mark Thomas - http://svn.apache.org/viewvc?view=revision&revision=1162960 - CVE-2011-3190 -- James Page <email address hidden> Mon, 26 Sep 2011 11:42:02 +0100
This bug was fixed in the package tomcat5.5 - 5.5.25-5ubuntu1.3
---------------
tomcat5.5 (5.5.25-5ubuntu1.3) hardy-security; urgency=low
* SECURITY UPDATE: Apache Tomcat Authentication bypass and information jk/java/ org/apache/ coyote/ ajp/AjpAprProce ssor.java: Prevent AJP svn.apache. org/viewvc? view=revision& revision= 1162960
disclosure (LP: #843701).
- connectors/
request forgery via unread request body packet - upstream patch from Mark
Thomas
- http://
- CVE-2011-3190
-- James Page <email address hidden> Mon, 26 Sep 2011 11:42:02 +0100