CESA-2008:0042: tomcat security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | December 27, 2007 | March 12, 2010 | July 04, 2017 |
Description
Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.
References
- APPLE-APPLE-SA-2008-06-30
- APPLE-APPLE-SA-2008-10-09
- BID-26070
- BID-27006
- BID-31681
- CENTOS-CESA-2008:0042
- CVE-2007-5342
- CVE-2007-5461
- DEBIAN-DSA-1447
- DEBIAN-DSA-1453
- OSVDB-39833
- OVAL-OVAL10417
- OVAL-OVAL9202
- REDHAT-RHSA-2008:0042
- REDHAT-RHSA-2008:0195
- REDHAT-RHSA-2008:0261
- REDHAT-RHSA-2008:0630
- REDHAT-RHSA-2008:0831
- REDHAT-RHSA-2008:0832
- REDHAT-RHSA-2008:0833
- REDHAT-RHSA-2008:0834
- REDHAT-RHSA-2008:0862
- XF-37243
- XF-39201
Solution
centos-upgrade-tomcat5
Related Vulnerabilities
- OS X security update 2008-007 for Networking (CVE-2008-3645)
- HP-UX: CVE-2008-2364: Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
- Cent OS: CVE-2008-2712: CESA-2008:0580 (vim)
- SUSE Linux Security Vulnerability: CVE-2008-1389
- RHSA-2008:0967: httpd security and bug fix update
- Cent OS: CVE-2008-1232: CESA-2008:0648 (tomcat)
- OS X security update 2010-002 for vim (CVE-2008-2712)
- SUSE Linux Security Advisory: SUSE-SR:2009:002
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-6286)
- FreeBSD: mysql -- privilege escalation and overwrite of the system table information (CVE-2007-5969)
- FreeBSD: vim -- Vim Shell Command Injection Vulnerabilities (CVE-2008-2712)
- OS X security update 2008-007 for libxslt (CVE-2008-1767)
- USN-624-2: Erlang vulnerability
- Gentoo Linux: CVE-2007-5969: MySQL: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2008-2370
- OS X update for PHP (CVE-2008-2371)
- USN-628-1: PHP vulnerabilities
- OS X security update 2008-007 for MySQL Server (CVE-2008-2079)
- ELSA-2008-0617 Moderate: Enterprise Linux vim security update
- Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
- Apache Tomcat Cookie Handling Session ID Disclosure Vulnerability (CVE-2007-5333)
- OS X security update 2008-007 for ClamAV (CVE-2008-3914)
- Apache Tomcat: Low: Session hi-jacking (CVE-2007-5333)
- Gentoo Linux: CVE-2008-3913: ClamAV: Multiple Denials of Service
- RHSA-2010:0602: Red Hat Certificate System 7.3 security update
- RHSA-2009:1454: tomcat5 security update
- SUSE Linux Security Advisory: SUSE-SR:2008:003
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1232)
- Apache Tomcat Host Manager Cross-Site Scripting Vulnerability
- Cent OS: CVE-2008-2370: CESA-2008:0648 (tomcat)
- Cent OS: CVE-2008-3432: CESA-2008:0617 (vim)
- SUSE Linux Security Advisory: SUSE-SR:2008:013
- FreeBSD: cups -- multiple vulnerabilities (Multiple CVEs)
- RHSA-2008:0937: cups security update
- RHSA-2008:0580: vim security update
- SUSE Linux Security Vulnerability: CVE-2008-3913
- RHSA-2008:0862: tomcat security update
- RHSA-2007:1155: mysql security update
- SUSE Linux Security Advisory: SUSE-SR:2008:005
- ELSA-2007-1155 Important: Enterprise Linux mysql security update
- MySQL DATA DIRECTORY and INDEX DIRECTORY symlink system table overwrite
- FreeBSD: mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (Multiple CVEs)
- Sun Patch: SunOS 5.9: Apache Security Patch
- OS X security update 2008-007 for Tomcat (CVE-2008-0002)
- OpenSSL CRYPTO_cleanup_all_ex_data denial of service (CVE-2008-1678)
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1947)
- SUSE Linux Security Vulnerability: CVE-2008-2371
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5342)
- OS X security update 2008-005 for PHP (CVE-2007-4850)
- FreeBSD: pcre -- buffer overflow vulnerability (CVE-2008-0674)
- USN-671-1: MySQL vulnerabilities
- FreeBSD: apache -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2008-2079: MySQL: Privilege bypass
- OS X security update 2008-007 for MySQL Server (CVE-2007-5969)
- ELSA-2008-0287 Important: Enterprise Linux libxslt security update
- RHSA-2009:1164: tomcat security update
- SUSE Linux Security Vulnerability: CVE-2008-2364
- FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)
- CESA-2007:1155: RHSA-2007:1155
- ELSA-2008-0937 Important: Enterprise Linux cups security update
- VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-2370)
- OS X security update 2008-007 for Tomcat (CVE-2008-2938)
- RHSA-2008:0151: JBoss Enterprise Application Platform 4.2.0CP02 security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-2370)
- Apache Tomcat Exception Handling Information Disclosure Vulnerability
- Sun Patch: SunOS 5.9_x86: Apache Security Patch
- Cent OS: CVE-2008-2938: CESA-2008:0648 (tomcat)
- Gentoo Linux: CVE-2008-0002: Tomcat: Multiple vulnerabilities
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
- PHP Multiple Vulnerabilities Fixed in version 4.4.9
- Gentoo Linux: CVE-2008-1678: Apache: Denial of Service
- SUSE Linux Security Vulnerability: CVE-2008-1232
- Gentoo Linux: CVE-2008-1389: ClamAV: Multiple Denials of Service
- VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5342)
- Sun Patch: SunOS 5.10: Apache 1.3 Patch
- OS X security update 2008-007 for Apache (CVE-2008-1678)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5461)
- OS X security update 2008-005 for PHP (CVE-2008-0674)
- SUSE Linux Security Advisory: SUSE-SR:2008:017
- VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-1232)
- USN-588-1: MySQL vulnerabilities
- USN-581-1: PCRE vulnerability
- RHSA-2009:1563: tomcat security update
- FreeBSD: clamav -- CHM Processing Denial of Service (CVE-2008-1389)
- SUSE Linux Security Vulnerability: CVE-2007-6286
- VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5333)
- VMSA-2009-0004.3: Updated vim package (CVE-2008-4101)
- PHP Vulnerability: CVE-2007-4850
- Cent OS: CVE-2008-4101: CESA-2008:0580 (vim)
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5333)
- Gentoo Linux: CVE-2007-6420: Apache: Denial of Service
- RHSA-2008:0877: jbossweb security update
- Apache Tomcat JULI Logging Component Security Bypass
- RHSA-2008:0618: vim security update
- Gentoo Linux: CVE-2007-5461: Tomcat: Multiple vulnerabilities
- RHSA-2008:0617: vim security update
- Apache Tomcat: Low: Cross-site scripting (CVE-2008-1947)
- SUSE Linux Security Vulnerability: CVE-2008-1947
- Sun Patch: SunOS 5.10: Apache 2 Patch