Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2008:0042
HistoryMar 11, 2008 - 12:00 a.m.

(RHSA-2008:0042) Moderate: tomcat security update

2008-03-1100:00:00
access.redhat.com
16

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

73.2%

JSON

Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. In some configurations it allowed remote authenticated users to
read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain
backported patches and are not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64tomcat5< 5.5.23-0jpp.3.0.3.el5_1tomcat5-5.5.23-0jpp.3.0.3.el5_1.ia64.rpm
RedHat5x86_64tomcat5-webapps< 5.5.23-0jpp.3.0.3.el5_1tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1.x86_64.rpm
RedHat5ppctomcat5-jsp-2.0-api-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1.ppc.rpm
RedHat5s390xtomcat5-servlet-2.4-api-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1.s390x.rpm
RedHat5i386tomcat5-jsp-2.0-api< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
RedHat5i386tomcat5-servlet-2.4-api-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
RedHat5i386tomcat5-jasper< 5.5.23-0jpp.3.0.3.el5_1tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
RedHat5ia64tomcat5-webapps< 5.5.23-0jpp.3.0.3.el5_1tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1.ia64.rpm
RedHat5ppctomcat5-servlet-2.4-api-javadoc< 5.5.23-0jpp.3.0.3.el5_1tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1.ppc.rpm
RedHat5i386tomcat5-common-lib< 5.5.23-0jpp.3.0.3.el5_1tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1.i386.rpm
Rows per page:
1-10 of 561

Related

openvas 31
nessus 37
centos 1
oraclelinux 1
redhat 7
gentoo 1
osv 4
securityvulns 2
prion 3
veracode 2
tomcat 3
seebug 2
cve 3
ubuntucve 3
github 2
debian 2
checkpoint_advisories 1
redhatcve 1
fedora 5
altlinux 1
vmware 4
ibm 1
openvas
openvas
Oracle: Security Advisory (ELSA-2008-0042)
2015-10-08 00:00:00
RedHat Update for tomcat RHSA-2008:0042-01
2009-03-06 00:00:00
RedHat Update for tomcat RHSA-2008:0042-01
2009-03-06 00:00:00
nessus
nessus
Oracle Linux 5 : tomcat (ELSA-2008-0042)
2013-07-12 00:00:00
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : tomcat (RHSA-2008:0042)
2008-03-13 00:00:00
centos
centos
tomcat5 security update
2008-03-19 00:04:06
oraclelinux
oraclelinux
Moderate: tomcat security update
2008-03-11 00:00:00
redhat
redhat
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
(RHSA-2008:0862) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:0832) Low: JBoss Enterprise Application Platform 4.3.0CP02 security update
2008-09-22 00:00:00
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat Path Traversal Vulnerability
2022-05-01 18:33:34
securityvulns
securityvulns
[CVE-2007-5342] Apache Tomcat&#39;s default security policy is too open
2007-12-26 00:00:00
Apache Tomcat weak default permissions
2007-12-26 00:00:00
prion
prion
Design/Logic Flaw
2007-12-27 22:46:00
Path traversal
2007-10-15 18:17:00
Path traversal
2007-10-30 23:46:00
veracode
veracode
Restriction Bypass
2019-03-25 08:40:44
Path Traversal
2018-11-12 08:02:36
tomcat
tomcat
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 6.0.16
2008-02-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
seebug
seebug
Apache Tomcat JULI日志组件默认安全策略漏洞
2007-12-26 00:00:00
Apache Tomcat WebDav远程信息泄露漏洞
2007-10-28 00:00:00
cve
cve
CVE-2007-5461
2007-10-15 18:17:00
CVE-2007-5342
2007-12-27 22:46:00
CVE-2007-5731
2007-10-30 23:46:00
ubuntucve
ubuntucve
CVE-2007-5342
2007-12-27 00:00:00
CVE-2007-5461
2007-10-15 00:00:00
CVE-2007-5731
2007-10-30 00:00:00
github
github
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat Path Traversal Vulnerability
2022-05-01 18:33:34
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
checkpoint_advisories
checkpoint_advisories
Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)
2013-11-18 00:00:00
redhatcve
redhatcve
CVE-2007-5731
2019-10-04 21:11:49
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

73.2%

JSON
Related for RHSA-2008:0042
openvas31nessus37centos1oraclelinux1redhat7gentoo1osv4securityvulns2prion3veracode2tomcat3seebug2cve3ubuntucve3github2debian2checkpoint_advisories1redhatcve1fedora5altlinux1vmware4ibm1