2188351 - How to overcome cve-2014-0230 and cve-2014-7810 vulnerabilities affecting Apache Tomcat installed with SAP BusinessObjects Business Intelligence Platform (BI) 4.0/4.1

• Apache Tomcat prior to 6.0.44, 7.0.55, 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts.
• The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
• Successfully exploiting these vulnerabilities might allow a remote attacker to bypass security restrictions.

• Multiple vulnerabilities affecting Apache Tomcat have been reported:
  - Denial of Service Vulnerability (CVE-2014-0230).
  - Security Manager bypass Vulnerability (CVE-2014-7810).

• SAP BusinessObjects Business Intelligence Platform (BI) 4.0/4.1.
• All supported OS.
• Tomcat (6, 7, 8) (Below the minor versions which are mentioned in symptoms)

Tomcat, BI, 4.x, 4.0, 4.1, multiple, vulnerabilities, Apache, security, cve-2014-0230, cve-2014-7810, cve, 7, 8, 6, , KBA , BI-BIP-INS , Installation, Updates, Upgrade, Patching , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem