Rapid7 Vulnerability & Exploit Database

RHSA-2006:0592: tomcat security update for Red Hat Application Server

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 01/17/2006
Created: 07/25/2018
Added: 11/26/2007
Modified: 07/04/2017

Description

An updated Tomcat package that fixes multiple security issues is now available for Red Hat Application Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

Multiple cross-site scripting flaws were found in the example applications shipped with Tomcat. If these scripts were made publicly available, a remote attacker could construct a carefully crafted URL to inject arbitrary web content into the vulnerable application. (CVE-2006-0254)

All users of Tomcat are advised to upgrade to these updated packages, which contain backported fixes for these issues.

Solution(s)

  • redhat-upgrade-tomcat5
  • redhat-upgrade-tomcat5-admin-webapps
  • redhat-upgrade-tomcat5-webapps
