Information Security all in one place!

Apache Tomcat Important Updates Released!

The Apache Tomcat developers have released versions 7.0.23, 6.0.34 and 5.5.35 of the Java servlet and JSP container after recent investigations revealed inefficiencies in how large numbers of parameters and parameter values were handled. Analysis of the recent hash collision denial of service vulnerability had allowed the developers to identify “unrelated inefficiencies” which could be exploited by a specially crafted request, causing large amounts of CPUto be consumed. The developers have now modified the code to efficiently process large numbers of parameters and values.

Apache Tomcat - back

Tomcat 7.0.23 and 6.0.34 also address an information leakage issue which was not present in earlier versions. When parsing requests, for performance reasons, information is cached in two places and is not recycled at the same time. In certain circumstances one of those caches is reused leading to the previous request’s IP address and headers being left in the cache of the new request.

The Tomcat 7.0.23 release also includes some new features such as the ability to start and stop child containers in parallel, improved start times through caching and better handling of failed deployments. Full details of the new features and the many bug fixes are available in the 7.0.23 changelog.

There are also some bug fixes noted in the 5.5.35 changelog and 6.0.34 changelog. The developers also remind users that the Tomcat 5.5 branch reaches its end of life on 30 September 2012 and will almost completely disappear at the end of the year.

Users can download version 7.0.23version 6.0.34 and version 5.5.35 from the Apache Tomcat site.

Read More:

See Also:


2 responses

  1. Pingback: Update – Apache Tomcat developers advise updates to avoid DoS « NetSecurityIT

  2. Pingback: London leaving, maybe MP | Bexley OH Real Estate

Let's hear what you have to say.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s