Security Advisory Moderate: tomcat6 security update

Advisory: RHSA-2017:0527-1
Type: Security Advisory
Severity: Moderate
Issued on: 2017-03-15
Last updated on: 2017-03-15
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2016-6816
CVE-2016-8745

Details

An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages
(JSP) technologies.

Security Fix(es):

* It was discovered that the code that parsed the HTTP request line permitted
invalid characters. This could be exploited, in conjunction with a proxy that
also permitted the invalid characters but with a different interpretation, to
inject data into the HTTP response. By manipulating the HTTP response the
attacker could poison a web-cache, perform an XSS attack, or obtain sensitive
information from requests other than their own. (CVE-2016-6816)

Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when
a request contains characters that the HTTP specification does not permit to
appear unencoded, even though they were previously accepted. The newly
introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow
can be used to configure Tomcat to accept curly braces ({ and }) and the pipe
symbol (|) in unencoded form, as these are often used in URLs without being
properly encoded.

* A bug was discovered in the error handling of the send file code for the NIO
HTTP connector. This led to the current Processor object being added to the
Processor cache multiple times, allowing information leakage between requests
including, but not limited to, session ID and the response body. (CVE-2016-8745)
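
To gauge the impact of the CVE-2016-6816 note before updating, the following added example (not part of the advisory or of Tomcat) scans access-log request lines for unencoded characters and separates those that requestTargetAllow can cover from those that clients must encode. The disallowed character set, the log format and the sample lines are assumptions of this example.

```python
import re

# Assumed for this example: characters RFC 3986 does not allow unencoded in a
# request target. The advisory does not list the patched parser's exact table.
DISALLOWED = set('"#<>\\^`{|}')
# Per the advisory, only these three can be re-enabled via requestTargetAllow.
ALLOWABLE = set("{}|")
PROPERTY = "tomcat.util.http.parser.HttpParser.requestTargetAllow"

# Request field of a common/combined-format access log line (assumed format).
REQUEST_FIELD = re.compile(r'"[A-Z]+ (?P<target>.*) HTTP/\d\.\d"')


def offending_chars(target):
    """Return the characters in target that should have been percent-encoded."""
    return {c for c in target
            if c in DISALLOWED or not 0x21 <= ord(c) <= 0x7E}


def audit(log_lines):
    """Return (JVM option covering { } | usage, targets clients must fix)."""
    allow, needs_encoding = set(), []
    for line in log_lines:
        m = REQUEST_FIELD.search(line)
        if not m:
            continue
        bad = offending_chars(m.group("target"))
        if not bad:
            continue
        if bad <= ALLOWABLE:
            allow |= bad          # the system property can keep these working
        else:
            needs_encoding.append((m.group("target"), "".join(sorted(bad))))
    jvm_opt = "-D%s=%s" % (PROPERTY, "".join(sorted(allow))) if allow else None
    return jvm_opt, needs_encoding


# Constructed sample lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/Mar/2017:10:00:00 +0000] "GET /api/items/{id} HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Mar/2017:10:00:01 +0000] "GET /search?q=a|b HTTP/1.1" 200 128',
    '192.0.2.12 - - [15/Mar/2017:10:00:02 +0000] "GET /report?f=<x> HTTP/1.1" 200 64',
    '192.0.2.13 - - [15/Mar/2017:10:00:03 +0000] "GET /index.jsp?a=%7Bok%7D HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    opt, rest = audit(SAMPLE)
    print("JVM option to keep existing clients working:", opt)
    for target, chars in rest:
        print("will get 400 until the client encodes %r: %s" % (chars, target))
```

The option value contains shell metacharacters, so quote it wherever the JVM options are set. Allow only the characters that the logs show are actually in use.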


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Updated packages

Products and architectures:
Red Hat Enterprise Linux Desktop (v. 6): IA-32, x86_64
Red Hat Enterprise Linux HPC Node (v. 6): x86_64
Red Hat Enterprise Linux Server (v. 6): IA-32, PPC, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6): IA-32, x86_64

SRPMS (all products):
tomcat6-6.0.24-105.el6_8.src.rpm

Packages (the same noarch packages for every product and architecture above):
tomcat6-6.0.24-105.el6_8.noarch.rpm
tomcat6-admin-webapps-6.0.24-105.el6_8.noarch.rpm
tomcat6-docs-webapp-6.0.24-105.el6_8.noarch.rpm
tomcat6-el-2.1-api-6.0.24-105.el6_8.noarch.rpm
tomcat6-javadoc-6.0.24-105.el6_8.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-105.el6_8.noarch.rpm
tomcat6-lib-6.0.24-105.el6_8.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-105.el6_8.noarch.rpm
tomcat6-webapps-6.0.24-105.el6_8.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/