Scientific Linux Security Update : tomcat on SL5.x i386/x86_64

A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. CVE-2008-1232 An additional cross-site scripting vulnerability was discovered in the host manager application. A...