Several security vulnerabilities have been identified in the Apache Tomcat software package that can be exploited to carry out denial-of-service attacks, inject HTML and script code, or bypass configured restrictions.
Some of the flaws are caused by errors in the "Manager" application and the "HTML Manager" interface, an irregularity related to the Set-Cookie header, and improper handling of the ServletContext header.
Impact:
A local attacker can exploit these flaws to bypass configured restrictions, and a remote attacker can exploit them to inject HTML and script code or to carry out DoS attacks.
Solution:
To protect themselves, users are advised to apply the appropriate software update.
Oracle Solaris Apache Tomcat Multiple Vulnerabilities
Secunia Advisory: SA46776
Release Date: 2011-11-07
Criticality level: Moderately critical
Impact: DoS, Cross Site Scripting, Security Bypass
Where: From remote
Solution Status: Vendor Patch
Operating System: Oracle Solaris 11 Express, Sun Solaris 10.x, Sun Solaris 9
CVE Reference(s): CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534
Description
Oracle has acknowledged multiple vulnerabilities in Apache Tomcat included in Solaris, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
For more information:
SA42337
SA43194
Solution
Apply patches.
Original Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat