ALAS-2016-656 ---- tomcat6
ID: oval:org.secpod.oval:def:1600331 | Date: (C)2016-05-19 (M)2023-12-14 |
Class: PATCH | Family: unix |
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further legitimate connections to the Tomcat server from being made.
Platform: |
Amazon Linux AMI |