[ MDVSA-2008:188 ] tomcat5

[dude67]

tomcat5

A number of vulnerabilities have been discovered in the Apache
Tomcat server:

The default catalina.policy in the JULI logging component did not
restrict certain permissions for web applications which could allow a
remote attacker to modify logging configuration options and overwrite
arbitrary files (CVE-2007-5342).

A cross-site scripting vulnerability was found in the
HttpServletResponse.sendError() method which could allow a remote
attacker to inject arbitrary web script or HTML via forged HTTP headers
(CVE-2008-1232).

A cross-site scripting vulnerability was found in the host manager
application that could allow a remote attacker to inject arbitrary
web script or HTML via the hostname parameter (CVE-2008-1947).

A traversal vulnerability was found when using a RequestDispatcher in
combination with a servlet or JSP that could allow a remote attacker
to utilize a specially-crafted request parameter to access protected
web resources (CVE-2008-2370).

A traversal vulnerability was found when the 'allowLinking' and
'URIencoding' settings were actived which could allow a remote attacker
to use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process (CVE-2008-2938).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2007-5342
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-1232
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-1947
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2370
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-2938
_______________________________________________________________________