Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0042
HistoryMar 19, 2008 - 12:04 a.m.

tomcat5 security update

2008-03-1900:04:06
CentOS Project
lists.centos.org
51

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

79.8%

JSON

CentOS Errata and Security Advisory CESA-2008:0042

Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. In some configurations it allowed remote authenticated users to
read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain
backported patches and are not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-March/076926.html
https://lists.centos.org/pipermail/centos-announce/2008-March/076927.html

Affected packages:
tomcat5
tomcat5-admin-webapps
tomcat5-common-lib
tomcat5-jasper
tomcat5-jasper-javadoc
tomcat5-jsp-2.0-api
tomcat5-jsp-2.0-api-javadoc
tomcat5-server-lib
tomcat5-servlet-2.4-api
tomcat5-servlet-2.4-api-javadoc
tomcat5-webapps

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0042

OSVersionArchitecturePackageVersionFilename
CentOS5i386tomcat5< 5.5.23-0jpp.3.0.3.el5_1tomcat5-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-admin-webapps< 5.5.23-0jpp.3.0.3.el5_1tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-common-lib< 5.5.23-0jpp.3.0.3.el5_1tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-jasper< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-jasper-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-jsp-2.0-api< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-jsp-2.0-api-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-server-lib< 5.5.23-0jpp.3.0.3.el5_1tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-servlet-2.4-api< 5.5.23-0jpp.3.0.3.el5_1tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
CentOS5i386tomcat5-servlet-2.4-api-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
Rows per page:
1-10 of 221

Related

redhat 8
openvas 23
nessus 37
oraclelinux 1
cve 3
gentoo 1
securityvulns 2
seebug 2
ubuntucve 3
osv 4
prion 3
veracode 2
tomcat 3
github 2
debian 2
checkpoint_advisories 1
redhatcve 1
fedora 5
altlinux 1
vmware 4
ibm 1
redhat
redhat
(RHSA-2008:0042) Moderate: tomcat security update
2008-03-11 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
(RHSA-2008:0862) Important: tomcat security update
2008-10-02 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2008-0042
2015-10-08 00:00:00
RedHat Update for tomcat RHSA-2008:0042-01
2009-03-06 00:00:00
RedHat Update for tomcat RHSA-2008:0042-01
2009-03-06 00:00:00
nessus
nessus
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : tomcat (RHSA-2008:0042)
2008-03-13 00:00:00
CentOS 5 : tomcat (CESA-2008:0042)
2010-01-06 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2008-03-11 00:00:00
cve
cve
CVE-2007-5461
2007-10-15 18:17:00
CVE-2007-5342
2007-12-27 22:46:00
CVE-2007-5731
2007-10-30 23:46:00
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
securityvulns
securityvulns
Apache Tomcat weak default permissions
2007-12-26 00:00:00
[CVE-2007-5342] Apache Tomcat&#39;s default security policy is too open
2007-12-26 00:00:00
seebug
seebug
Apache Tomcat JULI日志组件默认安全策略漏洞
2007-12-26 00:00:00
Apache Tomcat WebDav远程信息泄露漏洞
2007-10-28 00:00:00
ubuntucve
ubuntucve
CVE-2007-5342
2007-12-27 00:00:00
CVE-2007-5461
2007-10-15 00:00:00
CVE-2007-5731
2007-10-30 00:00:00
osv
osv
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
Apache Tomcat Path Traversal Vulnerability
2022-05-01 18:33:34
prion
prion
Design/Logic Flaw
2007-12-27 22:46:00
Path traversal
2007-10-15 18:17:00
Path traversal
2007-10-30 23:46:00
veracode
veracode
Restriction Bypass
2019-03-25 08:40:44
Path Traversal
2018-11-12 08:02:36
tomcat
tomcat
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 6.0.16
2008-02-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
github
github
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat Path Traversal Vulnerability
2022-05-01 18:33:34
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
checkpoint_advisories
checkpoint_advisories
Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)
2013-11-18 00:00:00
redhatcve
redhatcve
CVE-2007-5731
2019-10-04 21:11:49
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

79.8%

JSON
Related for CESA-2008:0042
redhat8openvas23nessus37oraclelinux1cve3gentoo1securityvulns2seebug2ubuntucve3osv4prion3veracode2tomcat3github2debian2checkpoint_advisories1redhatcve1fedora5altlinux1vmware4ibm1