Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1447-1
HistoryJan 03, 2008 - 12:00 a.m.

tomcat5.5 several vulnerabilities

2008-01-0300:00:00
Google
osv.dev
8

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

81.7%

JSON

Several remote vulnerabilities have been discovered in the Tomcat
servlet and JSP engine. The Common Vulnerabilities and Exposures project
identifies the following problems:

It was discovered that single quotes (') in cookies were treated
as a delimiter, which could lead to an information leak.

It was discovered that the character sequence " in cookies was
handled incorrectly, which could lead to an information leak.

It was discovered that the host manager servlet performed
insufficient input validation, which could lead to a cross-site
scripting attack.

It was discovered that the JULI logging component did not restrict
its target path, resulting in potential denial of service through
file overwrites.

It was discovered that the WebDAV servlet is vulnerable to absolute
path traversal.

The old stable distribution (sarge) doesn’t contain tomcat5.5.

For the stable distribution (etch), these problems have been fixed in
version 5.5.20-2etch1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your tomcat5.5 packages.

CPENameOperatorVersion
tomcat5.5eq5.5.20-2

Related

nessus 47
openvas 41
debian 2
redhat 12
centos 2
osv 6
oraclelinux 2
seebug 5
veracode 6
securityvulns 7
tomcat 5
altlinux 1
fedora 5
atlassian 2
exploitpack 1
gentoo 1
ubuntucve 7
jvn 2
prion 7
cve 7
github 5
packetstorm 1
cert 1
checkpoint_advisories 1
exploitdb 1
redhatcve 1
vmware 4
ibm 1
nessus
nessus
Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities
2008-01-07 00:00:00
Oracle Linux 5 : tomcat (ELSA-2007-0871)
2013-07-12 00:00:00
RHEL 5 : tomcat (RHSA-2007:0871)
2007-09-26 00:00:00
openvas
openvas
Debian Security Advisory DSA 1447-1 (tomcat5.5)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1447-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1453-1 (tomcat5)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
redhat
redhat
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0042) Moderate: tomcat security update
2008-03-11 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
tomcat5 security update
2008-03-19 00:04:06
osv
osv
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
Moderate: tomcat security update
2008-03-11 00:00:00
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
Apache Tomcat Host Manager Servlet跨站脚本执行漏洞
2007-08-23 00:00:00
Apache Tomcat JULI日志组件默认安全策略漏洞
2007-12-26 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Information Disclosure
2019-03-25 08:40:44
Restriction Bypass
2019-03-25 08:40:44
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CVE-2007-3382: Handling of cookies containing a ' character
2007-08-14 00:00:00
[CVE-2007-5342] Apache Tomcat's default security policy is too open
2007-12-26 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
CVE-2007-5342
2007-12-27 00:00:00
CVE-2007-3385
2007-08-14 00:00:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
prion
prion
Cross site scripting
2007-08-14 22:17:00
Design/Logic Flaw
2007-12-27 22:46:00
Design/Logic Flaw
2007-08-14 22:17:00
cve
cve
CVE-2007-3386
2007-08-14 22:17:00
CVE-2007-5342
2007-12-27 22:46:00
CVE-2007-5461
2007-10-15 18:17:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)
2013-11-18 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
redhatcve
redhatcve
CVE-2007-5731
2019-10-04 21:11:49
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

81.7%

JSON
Related for OSV:DSA-1447-1
nessus47openvas41debian2redhat12centos2osv6oraclelinux2seebug5veracode6securityvulns7tomcat5altlinux1fedora5atlassian2exploitpack1gentoo1ubuntucve7jvn2prion7cve7github5packetstorm1cert1checkpoint_advisories1exploitdb1redhatcve1vmware4ibm1