tomcat5 security update

2007-09-28T08:11:50
ID CESA-2007:0871
Type centos
Reporter CentOS Project
Modified 2007-09-28T08:11:51

Description

CentOS Errata and Security Advisory CESA-2007:0871

Tomcat is a servlet container for Java Servlet and Java Server Pages technologies.

Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).

Users of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-September/014257.html http://lists.centos.org/pipermail/centos-announce/2007-September/014258.html

Affected packages: tomcat5 tomcat5-admin-webapps tomcat5-common-lib tomcat5-jasper tomcat5-jasper-javadoc tomcat5-jsp-2.0-api tomcat5-jsp-2.0-api-javadoc tomcat5-server-lib tomcat5-servlet-2.4-api tomcat5-servlet-2.4-api-javadoc tomcat5-webapps

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0871.html