Vulnerability & Exploit Database


RHSA-2010:0580: tomcat5 security update

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published: July 13, 2010
Added: August 12, 2010
Modified: July 04, 2017

Available Exploits 

Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially-crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment process. A specially-crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)

Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.
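The deployment-time traversal flaws (CVE-2009-2693, CVE-2009-2902) come down to archive entry names that resolve outside the web application directory. The following is an added example, not code from the advisory or from Tomcat: a pre-deployment check that scans a WAR's entry names and rejects any that are absolute, use a drive prefix, or normalise to a path above the webapp root. The two WAR files it inspects are constructed in memory for the demonstration, and the helper names (unsafe_entries, build_war, is_safe_to_deploy) are this example's own.

```python
"""Pre-deployment check for WAR archives carrying path-traversal entry names.

Added example (not Red Hat's or Tomcat's code). It models the class of flaw
behind CVE-2009-2693 / CVE-2009-2902: a crafted WAR whose entries resolve
outside the web application directory. The archives below are constructed
inline so the check runs offline.
"""
import io
import posixpath
import zipfile


def unsafe_entries(war_bytes: bytes) -> list:
    """Return the entry names in the WAR that would escape the deployment directory.

    An entry is unsafe if it is absolute, carries a drive prefix, or normalises
    to a path that begins with '..' (i.e. climbs above the webapp root).
    """
    bad = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators: some archivers emit them, and a
            # naive deployer may hand them straight to the filesystem.
            candidate = name.replace("\\", "/")
            if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
                bad.append(name)
                continue
            norm = posixpath.normpath(candidate)
            if norm == ".." or norm.startswith("../"):
                bad.append(name)
    return bad


def build_war(entries: dict) -> bytes:
    """Build an in-memory WAR (a zip) from {entry_name: content}; constructed input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            # writestr() keeps the entry name verbatim, so traversal names survive.
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives (assumptions for the demo, not real-world WARs).
BENIGN_WAR = build_war({
    "WEB-INF/web.xml": "<web-app/>",
    "index.jsp": "<html>ok</html>",
})

MALICIOUS_WAR = build_war({
    "WEB-INF/web.xml": "<web-app/>",
    "../../conf/evil.xml": "<Context/>",        # climbs out of webapps/ into conf/
    "/tmp/absolute.txt": "x",                   # absolute path
    "WEB-INF/../../../other.txt": "x",          # normalises above the root
    "..\\..\\win.txt": "x",                     # backslash form of the same trick
    "WEB-INF/../ok.txt": "x",                   # normalises to ok.txt: allowed
})


def is_safe_to_deploy(war_bytes: bytes) -> bool:
    """True when no entry in the WAR escapes the deployment directory."""
    return not unsafe_entries(war_bytes)


if __name__ == "__main__":
    print("benign   :", unsafe_entries(BENIGN_WAR))
    print("malicious:", unsafe_entries(MALICIOUS_WAR))
```

The check is deliberately stricter than a bare "contains ../" test: it normalises each name first, so `WEB-INF/../ok.txt` (which lands inside the root) passes while `WEB-INF/../../../other.txt` (which does not) is rejected. It is a defensive gate to run before a WAR reaches the container, not a substitute for the updated packages the advisory calls for.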



Solution

redhat-upgrade-tomcat5
