CESA-2008:0042: tomcat security update
Description
Tomcat is a servlet container for Java Servlet and JavaServer Pagestechnologies.A directory traversal vulnerability existed in the Apache Tomcat webdavservlet. In some configurations it allowed remote authenticated users toread files accessible to the local tomcat process. (CVE-2007-5461)The default security policy in the JULI logging component did not restrictaccess permissions to files. This could be misused by untrusted webapplications to access and write arbitrary files in the context of thetomcat process. (CVE-2007-5342)Users of Tomcat should update to these errata packages, which containbackported patches and are not vulnerable to these issues.
Solution(s)
- centos-upgrade-tomcat5
- centos-upgrade-tomcat5-admin-webapps
- centos-upgrade-tomcat5-common-lib
- centos-upgrade-tomcat5-jasper
- centos-upgrade-tomcat5-jasper-javadoc
- centos-upgrade-tomcat5-jsp-2-0-api
- centos-upgrade-tomcat5-jsp-2-0-api-javadoc
- centos-upgrade-tomcat5-server-lib
- centos-upgrade-tomcat5-servlet-2-4-api
- centos-upgrade-tomcat5-servlet-2-4-api-javadoc
- centos-upgrade-tomcat5-webapps
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center