Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2008:0648
HistoryAug 27, 2008 - 12:00 a.m.

(RHSA-2008:0648) Important: tomcat security update

2008-08-2700:00:00
access.redhat.com
22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
โ€œallowLinkingโ€ and โ€œURIencodingโ€ settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ppctomcat5-jsp-2.0-api<ย 5.5.23-0jpp.7.el5_2.1tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
RedHat5ia64tomcat5<ย 5.5.23-0jpp.7.el5_2.1tomcat5-5.5.23-0jpp.7.el5_2.1.ia64.rpm
RedHat5ia64tomcat5-jsp-2.0-api<ย 5.5.23-0jpp.7.el5_2.1tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
RedHat5x86_64tomcat5-jsp-2.0-api<ย 5.5.23-0jpp.7.el5_2.1tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
RedHat5s390xtomcat5-common-lib<ย 5.5.23-0jpp.7.el5_2.1tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
RedHat5s390xtomcat5-admin-webapps<ย 5.5.23-0jpp.7.el5_2.1tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm
RedHat5x86_64tomcat5-webapps<ย 5.5.23-0jpp.7.el5_2.1tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
RedHat5s390xtomcat5-server-lib<ย 5.5.23-0jpp.7.el5_2.1tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
RedHat5ia64tomcat5-jasper-javadoc<ย 5.5.23-0jpp.7.el5_2.1tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
RedHat5ppctomcat5-jsp-2.0-api-javadoc<ย 5.5.23-0jpp.7.el5_2.1tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
Rows per page:
1-10 of 571

Related

nessus 27
centos 1
openvas 27
fedora 3
redhat 4
oraclelinux 1
tomcat 3
vmware 4
securityvulns 15
ubuntucve 4
cve 5
osv 6
prion 5
github 5
atlassian 2
seebug 8
f5 7
packetstorm 5
veracode 4
debian 1
checkpoint_advisories 2
dsquare 1
exploitpack 2
cert 1
d2 1
exploitdb 2
ibm 1
nessus
nessus
Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)
2008-09-17 00:00:00
CentOS 5 : tomcat5 (CESA-2008:0648)
2010-01-06 00:00:00
Oracle Linux 5 : tomcat (ELSA-2008-0648)
2013-07-12 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
openvas
openvas
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
redhat
redhat
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:1007) Low: tomcat security update for Red Hat Network Satellite Server
2008-12-08 00:00:00
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
[CVE-2008-1232] Apache Tomcat XSS vulnerability
2008-08-01 00:00:00
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S
2009-08-08 00:00:00
ubuntucve
ubuntucve
CVE-2008-2938
2008-08-13 00:00:00
CVE-2008-1232
2008-08-04 00:00:00
CVE-2008-1947
2008-06-04 00:00:00
cve
cve
CVE-2008-2938
2008-08-13 00:41:00
CVE-2008-1232
2008-08-04 01:41:00
CVE-2008-1947
2008-06-04 19:32:00
osv
osv
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
prion
prion
Directory traversal
2008-08-13 00:41:00
Cross site scripting
2008-08-04 01:41:00
Cross site scripting
2008-06-04 19:32:00
github
github
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:45:13
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
seebug
seebug
Apache Tomcat HttpServletResponse.sendError()่ทจ็ซ™่„šๆœฌๆผๆดž
2008-08-04 00:00:00
Apache Tomcatไธปๆœบ็ฎก็†ๅ™จ่ทจ็ซ™่„šๆœฌๆผๆดž
2008-06-05 00:00:00
Apache Tomcat &lt;= 6.0.18 UTF8 Directory Traversal Vulnerability
2008-08-11 00:00:00
f5
f5
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2008-09-01 00:00:00
K9109 : Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
2013-03-19 00:00:00
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
2008-09-01 00:00:00
packetstorm
packetstorm
CVE-2008-1947.txt
2008-06-03 00:00:00
tomcat-traverse.txt
2008-08-13 00:00:00
Oracle Containers For Java Traversal
2009-01-21 00:00:00
veracode
veracode
Directory Traversal
2018-11-09 07:23:15
Cross-site Scripting (XSS)
2018-11-09 06:35:59
Cross-site Scripting (XSS)
2018-11-09 07:06:07
debian
debian
[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting
2008-06-09 19:38:32
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability
2008-08-19 00:00:00
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
2009-11-01 00:00:00
dsquare
dsquare
Apache Tomcat File Disclosure
2012-02-01 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
cert
cert
Apache Tomcat UTF8 Directory Traversal Vulnerability
2008-08-19 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_TOMCAT_UTF8
2008-08-13 00:41:00
exploitdb
exploitdb
Apache Tomcat &lt; 6.0.18 - &#039;utf8&#039; Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON
Related for RHSA-2008:0648
nessus27centos1openvas27fedora3redhat4oraclelinux1tomcat3vmware4securityvulns15ubuntucve4cve5osv6prion5github5atlassian2seebug8f57packetstorm5veracode4debian1checkpoint_advisories2dsquare1exploitpack2cert1d21exploitdb2ibm1