Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1593-1:A7D57
HistoryJun 09, 2008 - 7:38 p.m.

[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting

2008-06-0919:38:32
lists.debian.org
11
JSON

Debian Security Advisory DSA-1593-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
June 09, 2008 http://www.debian.org/security/faq

Package : tomcat5.5
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1947

Tt was discovered that the Host Manager web application performed
insufficient input sanitising, which could lead to cross-site scripting.

For the stable distribution (etch), this problem has been fixed in
version 5.5.20-2etch3.

For the unstable distribution (sid), this problem has been fixed in
version 5.5.26-3.

We recommend that you upgrade your tomcat5.5 packages.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch3.dsc
Size/MD5 checksum: 1277 119f28678cab927a6be1cd1e6622cb70
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz
Size/MD5 checksum: 4796377 5775bae8fac16a0e3a2c913c4768bb37
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch3.diff.gz
Size/MD5 checksum: 29340 1018b80cfeeea2d4f68507be5cdee483

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch3_all.deb
Size/MD5 checksum: 1161468 170d5eb777223389eed37a8491825b42
http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch3_all.deb
Size/MD5 checksum: 2385122 70ce8a752564f7cf074775d2619fe5ee
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch3_all.deb
Size/MD5 checksum: 1459186 1bdcdab47fcbe02f0ac9b20460f777c8
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch3_all.deb
Size/MD5 checksum: 56958 89f2145bc6065b94faa74a0587cc908b

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

f5 2
nessus 18
packetstorm 1
ubuntucve 1
github 1
openvas 24
osv 1
securityvulns 3
prion 1
veracode 1
seebug 1
cve 1
tomcat 2
vmware 4
fedora 3
oraclelinux 1
redhat 4
centos 1
f5
f5
K9109 : Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
2013-03-19 00:00:00
SOL9109 - Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
2008-09-01 00:00:00
nessus
nessus
Debian DSA-1593-1 : tomcat5.5 - missing input sanitising
2008-06-16 00:00:00
openSUSE 10 Security Update : tomcat55 (tomcat55-5385)
2008-07-08 00:00:00
openSUSE Security Update : tomcat6 (tomcat6-68)
2009-07-21 00:00:00
packetstorm
packetstorm
CVE-2008-1947.txt
2008-06-03 00:00:00
ubuntucve
ubuntucve
CVE-2008-1947
2008-06-04 00:00:00
github
github
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:45:13
openvas
openvas
Debian Security Advisory DSA 1593-1 (tomcat5.5)
2008-06-11 00:00:00
Debian: Security Advisory (DSA-1593-1)
2008-06-11 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
osv
osv
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:45:13
securityvulns
securityvulns
Apache Tomcat crossite scripting
2010-02-25 00:00:00
CA20100222-01: Security Notice for CA Service Desk
2010-02-25 00:00:00
[SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
2008-06-04 00:00:00
prion
prion
Cross site scripting
2008-06-04 19:32:00
veracode
veracode
Cross-site Scripting (XSS)
2018-11-09 07:06:07
seebug
seebug
Apache Tomcatไธปๆœบ็ฎก็†ๅ™จ่ทจ็ซ™่„šๆœฌๆผๆดž
2008-06-05 00:00:00
cve
cve
CVE-2008-1947
2008-06-04 19:32:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
redhat
redhat
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:1007) Low: tomcat security update for Red Hat Network Satellite Server
2008-12-08 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
JSON
Related for DEBIAN:DSA-1593-1:A7D57
f52nessus18packetstorm1ubuntucve1github1openvas24osv1securityvulns3prion1veracode1seebug1cve1tomcat2vmware4fedora3oraclelinux1redhat4centos1