Apache TomCat Information Leakage vulnerability

January 17, 2012 By
Summary: This TomCat update corrects an Information Leakage.

source Version/Dependency Developer Link Severity
Information At A Glance  
http://goo.gl/O4RBu   Versions Affected: Tomcat 7.0.0 to 7.0.21 Tomcat 6.0.30 to 6.0.33 Earlier versions are not affected  issues.Apache.org  IMPORTANT
 

Summary:

This issue is related to specific objects not being cleared by TomCat before another object is called. This can lead to information loss in specific situations. See the SOURCE for detailed technical information:

What do I do to fix this?

Tomcat 7.0.x users should upgrade to 7.0.22 or later Tomcat 6.0.x users should upgrade to 6.0.35 or later   Reported by: Apache Security Mailing List and Apache Security Team CVE Reference: CVE-2011-3375
Filed Under: Latest SalvusAlerts, WebServers Tagged With: