Endpoint Protection

 View Only

  • 1.  SEP 12.1 RU6 - CVE-2014-0227 Apache Tomcat Request Smuggling

    Posted May 26, 2015 08:53 AM

    Hello Team,

    SEP 12.1 RU5 uses ‘’Apache Tomcat v/7.0.52’

    server.info=Apache Tomcat/7.0.52

    server.number=7.0.52.0

    server.built=Feb 13 2014 10:24:25

     

    Is the below vulnerability fixed in 12. RU6? and what version os Tomcat used in latest version ?

    CVE-2014-0227 Apache Tomcat Request Smuggling

     

     

    Regards,

    Sankarasubramanian



  • 2.  RE: SEP 12.1 RU6 - CVE-2014-0227 Apache Tomcat Request Smuggling

    Posted May 26, 2015 08:54 AM

    For more information. Please check this below link

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0227



  • 3.  RE: SEP 12.1 RU6 - CVE-2014-0227 Apache Tomcat Request Smuggling

    Posted May 26, 2015 08:56 AM

    I believe it was updated 12.1 RU6 but you may need Symantec to confirm.



  • 4.  RE: SEP 12.1 RU6 - CVE-2014-0227 Apache Tomcat Request Smuggling

    Broadcom Employee
    Posted May 26, 2015 09:19 AM

    Hi,

    Thank you for posting in Symantec community.

    The Tomcat component built into the SEPM is updated with periodic releases of SEP.  It seems SEP 12.1 RU6 uses Apache Tomcat Version 7.0.59