Rapid7 Vulnerability & Exploit Database

CESA-2008:0042: tomcat security update

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 12/27/2007
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.

Solution(s)

  • centos-upgrade-tomcat5
  • centos-upgrade-tomcat5-admin-webapps
  • centos-upgrade-tomcat5-common-lib
  • centos-upgrade-tomcat5-jasper
  • centos-upgrade-tomcat5-jasper-javadoc
  • centos-upgrade-tomcat5-jsp-2-0-api
  • centos-upgrade-tomcat5-jsp-2-0-api-javadoc
  • centos-upgrade-tomcat5-server-lib
  • centos-upgrade-tomcat5-servlet-2-4-api
  • centos-upgrade-tomcat5-servlet-2-4-api-javadoc
  • centos-upgrade-tomcat5-webapps
