MDKSA-2007:241

Package name

tomcat5

Date

2007-12-10

Advisory ID

MDKSA-2007:241

Affected versions

2008.0 x86_64 , 2008.0 i586 , 2007.1 i586 , 2007.1 x86_64

Problem description

A number of vulnerabilities were found in Tomcat:

A directory traversal vulnerability, when using certain proxy modules,
allows a remote attacker to read arbitrary files via a .. (dot dot)
sequence with various slash, backslash, or url-encoded backslash
characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files
allow remote attackers to inject arbitrary web script or HTML
(CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host
Manager web applications allow remote authenticated users to inject
arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could
cause sensitive information such as session IDs to be leaked and allow
remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the " character sequence in a cookie
value, which could cause sensitive information such as session IDs
to be leaked and allow remote attackers to conduct session hijacking
attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet
allowed remote attackers to inject arbitrary HTML and web script via
crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain
configurations, allows remote authenticated users to read arbitrary
files via a WebDAV write request that specifies an entity with a
SYSTEM tag (CVE-2007-5461).

The updated packages have been patched to correct these issues.

Updated packages

2008.0 x86_64

 a44ed55a6a2943e5ba39ea6473a2af27  2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 292e2c0a822a736fe85c498c17bb09c6  2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 c8ee3862233f323278d0b97a3f07a74d  2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 0c944fe5d8725da8fd4e57e89539fa21  2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 bcbb50b5978295bd40ec24212ca77a8a  2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 472c0a30c7ad74c0cb63da51142de438  2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 10c6da9615553dc07e2f59d226f30a1d  2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 53eba8a64c428e6e2a14e59095f958b4  2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 8c6849bcca11457dffd03aa9c9e9a35f  2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 b5b42989963c31f79a997c9c18ed4cb4  2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm
 667a7b6fe2d3bc22ef64d87c2a6b9fe7  2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 
 9522ebba28176adf03d9a7b33fb526f8  2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm

2008.0 i586

 828e35db12f9dab3a5e63c475c289f88  2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 5e98b01f16f8213db5e842dcb47e4e8b  2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 fd483503d3f313775be4c098858a4e0d  2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 23dffdf05e1c50d5cfea045552c8f3bb  2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 3da9fcc0e4c0c8366b676e0770b8fe7c  2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 03222fbcf7fad63aa6920d5d4ee55ee2  2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 566362e78e6dd5f853b616204453aa0d  2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 fd00fd2a4faa567523ba9ce959ad1efa  2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 8a8c1b69636876ac31b0968edce82d3f  2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 85d0641840725e728f18cc86925d1923  2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm
 3e62b31a3fce47b8d7e2de2ecc7eb29d  2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm 
 9522ebba28176adf03d9a7b33fb526f8  2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm

2007.1 i586

 2eaba952d2699868ef76ca11dc7743e2  2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 037b18dda99d06be0b77f35964257902  2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 d9e6c355370c0e3f9aebc7ba0edd99d5  2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 fcb4fa36ea0926a0fbd92d1f9c9d9671  2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 fedd1a27a4f46d0d793c3ceb21a57246  2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 ab5985c840c14c812b3e72dae54407f0  2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 6266395d78af5f64ce7a150b9175fab7  2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 08335caaa65e97003aa67d465ce60ae1  2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 3a4f5995900419c7354804ae0dc548b6  2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 0c27ba521cee0d06627f121df3a138c9  2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm
 07537a59d8549f412dc4c9a783f41177  2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm 
 b55342a597ab506be934b6a73ed24005  2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm

2007.1 x86_64

 aea539336fa58a995ae1411fe61934c2  2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 0225750a0d4ef032915783d0b29c1504  2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 8223d038509a71f537f537909e9ef863  2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 dedd59d873c5bb4e608b1328595f2d98  2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 c0ef0eda05488b8b571e6700a9365ea3  2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 95dae961b82630d633fc3419383dbe4b  2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 41378a0106da001d545681c185b2f5c3  2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 5448b57b7667414c12aabb1da5e528fa  2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 9a277ae64587b81f61e8c118ba4d4571  2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 1be4b0eea59741ef7efb0f51f97e19c7  2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm
 d3965a643dbdc8e685ff4b5861877254  2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 
 b55342a597ab506be934b6a73ed24005  2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461