04 February 2014
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0015 A vulnerability has been identified in Apache Tomcat prior to version 6.0.39. 4 February 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Apache Tomcat Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Provide Misleading Information -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-1571 Member content until: Thursday, March 6 2014 Reference: ASB-2013.0075 ESB-2013.1579 ESB-2013.1517 ESB-2013.1512 ESB-2013.1491 ESB-2013.0874 ESB-2013.0873 ESB-2013.0867 ESB-2013.0854 OVERVIEW A vulnerability has been identified in Apache Tomcat prior to version 6.0.39. IMPACT The vendor has provided the following details regarding these vulnerabilities: "Avoid CVE-2013-1571 when generating Javadoc."  MITIGATION The vendor recommends updating to the latest version of Tomcat to correct these issues. REFERENCES  Tomcat 6.0.39 Released http://tomcat.apache.org/#Fixed_in_Apache_Tomcat_6.0.39 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUvCGYhLndAQH1ShLAQLmsQ/7B8rDNh7WP2jwdUEjuRtgJQZYJOOJePhq FHZwyN0O9VECvqi7nSfCpqieY03T6/doYQ1V7c6D7KmjPBNj9I5ElHcQSehkaoYk bFV4UYi1fwtJ6Y6ZEIjnXaKQfISkZXu7WCH0SE09+IMPWBxXQJdDAKlOCdfn1Q6p 8yksTQaKjqqcoM7YMdHoO2p4Ir8DVJKLO2RYEsfp35IfJ/VE37NVpZhbZEFjk7RP 5xL6XLw6tYQsKGwTj0RQAORiyHdvw1rM4JYIxbTSST+rNvLrU7iYq33E/jani1Fk gmPUb/lZ0cPjPsGacefUxXCa4gv2ieObGXhIOcbXkixN/obih1srU3LxdN27qB7Y tp5prQItA37gPfvXy6dwbEogDar5Ktser45kCc5eyPNt14iHKtbe49uLVKGAghTY EtVBxl9mvLAWHnBn6L0Ld1+udJGPPvCtp4yJ7ZSxBck6cs7NohIZiNhkUuRLSeWy 0RWKMRRKbH4YUwbRhqBFvBpXLe4Nrtw79vtAyUmIwqiQJQIDTK+8/tHRYlLQmMQn fMO+B7iaJRZFHWjBCtSeHJOHLdkS4i5/nYe9TztLWyAoVEfUaiLC3XaWUWE7wBq4 n69HKZW5hhZjVIw8lj+ZiVEdrzNaL7W5DgVKHxpYR4VqHGwZggBeEiLo9musUEdH AXoZTITopS4= =aqNL -----END PGP SIGNATURE-----