This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)

Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanynoarchtomcat5< 5.0.30-0jpp_12rhtomcat5-5.0.30-0jpp_12rh.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	noarch	tomcat5	< 5.0.30-0jpp_12rh	tomcat5-5.0.30-0jpp_12rh.noarch.rpm

nessus 32

redhat 4

centos 1

openvas 32

oraclelinux 1

fedora 3

tomcat 5

vmware 4

securityvulns 17

ubuntucve 5

osv 6

cve 6

prion 6

github 5

atlassian 2

jvn 1

seebug 10

veracode 5

f5 7

packetstorm 5

debian 1

checkpoint_advisories 2

dsquare 1

exploitpack 2

cert 1

d2 1

exploitdb 2

ibm 1

nessus

RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)

2010-01-10 00:00:00

Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)

2008-09-17 00:00:00

CentOS 5 : tomcat5 (CESA-2008:0648)

2010-01-06 00:00:00

redhat

(RHSA-2008:0648) Important: tomcat security update

2008-08-27 00:00:00

(RHSA-2008:0864) Important: tomcat security update

2008-10-02 00:00:00

(RHSA-2008:0877) Important: jbossweb security update

2008-09-22 00:00:00

centos

tomcat5 security update

2008-08-28 22:01:41

openvas

RedHat Update for tomcat RHSA-2008:0648-01

2009-03-06 00:00:00

Fedora Update for tomcat6 FEDORA-2008-7977

2009-02-17 00:00:00

RedHat Update for tomcat RHSA-2008:0648-01

2009-03-06 00:00:00

oraclelinux

tomcat security update

2008-08-27 00:00:00

fedora

[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9

2008-09-16 23:25:10

[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9

2008-09-11 17:17:43

[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8

2008-09-16 23:28:35

tomcat

Fixed in Apache Tomcat 6.0.18

2008-07-31 00:00:00

Fixed in Apache Tomcat 5.5.27

2008-09-08 00:00:00

Fixed in Apache Tomcat 4.1.39

2008-01-07 00:00:00

vmware

VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

2009-02-23 00:00:00

VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

2009-02-23 00:00:00

VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

2009-11-20 00:00:00

securityvulns

Apache Tomcat multiple security vulnerabilities

2009-01-28 00:00:00

[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure

2008-10-12 00:00:00

Apache Tomcat information leak

2008-10-12 00:00:00

ubuntucve

CVE-2008-2938

2008-08-13 00:00:00

CVE-2008-3271

2008-10-13 00:00:00

CVE-2008-1232

2008-08-04 00:00:00

osv

Apache Tomcat Directory Traversal vulnerability

2022-05-01 23:55:04

Apache Tomcat Cross-site scripting (XSS) vulnerability

2022-05-01 23:37:49

Apache Tomcat Path Traversal Vulnerability

2022-05-01 23:49:31

cve

CVE-2008-2938

2008-08-13 00:41:00

CVE-2008-3271

2008-10-13 20:00:00

CVE-2008-1947

2008-06-04 19:32:00

prion

Directory traversal

2008-08-13 00:41:00

Cross site request forgery (csrf)

2008-10-13 20:00:00

Cross site scripting

2008-06-04 19:32:00

github

Apache Tomcat Directory Traversal vulnerability

2022-05-01 23:55:04

Apache Tomcat Cross-site scripting (XSS) vulnerability

2022-05-01 23:37:49

Apache Tomcat Cross-site scripting (XSS) vulnerability

2022-05-01 23:45:13

atlassian

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

jvn

JVN#30732239: Apache Tomcat allows access from a non-permitted IP address

2008-10-10 00:00:00

seebug

Apache Tomcat RemoteFilterValve绕过安全限制漏洞

2008-10-15 00:00:00

Apache Tomcat 'RemoteFilterValve'安全绕过漏洞

2008-10-14 00:00:00

Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞

2008-08-04 00:00:00

veracode

Information Disclosure

2018-11-09 02:33:38

Cross-site Scripting (XSS)

2018-11-09 06:35:59

Cross-site Scripting (XSS)

2018-11-09 07:06:07

SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370

2008-09-01 00:00:00

K9108 : Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232

2013-03-24 00:00:00

K9109 : Apache Tomcat cross-site scripting vulnerability CVE-2008-1947

2013-03-19 00:00:00

packetstorm

CVE-2008-1947.txt

2008-06-03 00:00:00

tomcat-traverse.txt

2008-08-13 00:00:00

Oracle Containers For Java Traversal

2009-01-21 00:00:00

debian

[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting

2008-06-09 19:38:32

checkpoint_advisories

Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability

2008-08-19 00:00:00

Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)

2009-11-01 00:00:00

dsquare

Apache Tomcat File Disclosure

2012-02-01 00:00:00

exploitpack

Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)

2008-08-11 00:00:00

toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities

2009-11-07 00:00:00

cert

Apache Tomcat UTF8 Directory Traversal Vulnerability

2008-08-19 00:00:00

DSquare Exploit Pack: D2SEC_TOMCAT_UTF8

2008-08-13 00:41:00

exploitdb

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

2008-08-11 00:00:00

toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities

2009-11-07 00:00:00

ibm

Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

2023-01-27 10:54:22

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON

Related for RHSA-2008:1007