CentOS Errata and Security Advisory CESA-2007:0871
Tomcat is a servlet container for Java Servlet and Java Server Pages technologies.
Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).
Users of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-September/014257.html http://lists.centos.org/pipermail/centos-announce/2007-September/014258.html
Affected packages: tomcat5 tomcat5-admin-webapps tomcat5-common-lib tomcat5-jasper tomcat5-jasper-javadoc tomcat5-jsp-2.0-api tomcat5-jsp-2.0-api-javadoc tomcat5-server-lib tomcat5-servlet-2.4-api tomcat5-servlet-2.4-api-javadoc tomcat5-webapps
Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0871.html