CVE-2014-0050 patch in tomcat6-6.0.24-64 is broken

Solution Verified - Updated -

Issue

  • Web applications stopped working after an upgrade to RHEL6.5 and tomcat6-6.0.24-64.
  • tomcat6-6.0.24-64 includes a patch that fixes CVE-2014-0050 but apparently this patch is broken.
  • Exceptions from the Client:
May 16, 2014 9:21:53 AM de.exchange.cryptography.client.net.CryptoProxyHttpURLConnection
INFO: [1400224913478]Response code: 500
May 16, 2014 9:21:53 AM de.exchange.cryptography.client.util.ServerExceptionAnalyser analyseAndPrint(Line:50)
SEVERE: [1400224913478]Unknown and unexpected CryptoProxy server error![#9900]

Environment

  • Red Hat Enterprise Linux 6.5
  • tomcat6-6.0.24-64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In