Lucene search

K
centosCentOS ProjectCESA-2007:0569
HistoryJul 22, 2007 - 3:57 p.m.

tomcat5 security update

2007-07-2215:57:46
CentOS Project
lists.centos.org
68

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.959

Percentile

99.5%

CentOS Errata and Security Advisory CESA-2007:0569

Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP)
technologies.

Some JSPs within the ‘examples’ web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the ‘examples’ web application not be installed on
a production system.

The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).

Users of Tomcat should update to these erratum packages, which contain
backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-July/076229.html
https://lists.centos.org/pipermail/centos-announce/2007-July/076230.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076417.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076418.html

Affected packages:
tomcat5
tomcat5-admin-webapps
tomcat5-common-lib
tomcat5-jasper
tomcat5-jasper-javadoc
tomcat5-jsp-2.0-api
tomcat5-jsp-2.0-api-javadoc
tomcat5-server-lib
tomcat5-servlet-2.4-api
tomcat5-servlet-2.4-api-javadoc
tomcat5-webapps

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0569

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.959

Percentile

99.5%