logo
DATABASE RESOURCES PRICING ABOUT US

Fixed in Apache Tomcat 4.1.37

Description

**Important: Information disclosure** [CVE-2005-3164](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164>) If a client specifies a Content-Length but disconnects before sending any of the request body, the deprecated AJP connector processes the request using the request body of the previous request. Users are advised to use the default, supported Coyote AJP connector which does not exhibit this issue. Affects: 4.0.1-4.0.6, 4.1.0-4.1.36 **Moderate: Cross-site scripting** [CVE-2007-1355](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355>) The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output. Affects: 4.0.1-4.0.6, 4.1.0-4.1.36 **Low: Cross-site scripting** [CVE-2007-2449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449>) JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. Affects: 4.0.0-4.0.6, 4.1.0-4.1.36 **Low: Cross-site scripting** [CVE-2007-2450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450>) The Manager web application did not escape user provided data before including it in the output. This enabled a XSS attack. This application now filters the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed. Affects: 4.0.1-4.0.6, 4.1.0-4.1.36 **Low: Session hi-jacking** [CVE-2007-3382](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382>) Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker. Affects: 4.1.0-4.1.36 **Low: Cross-site scripting** [CVE-2007-3383](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383>) When reporting error messages, the SendMailServlet (part of the examples web application) did not escape user provided data before including it in the output. This enabled a XSS attack. This Servlet now filters the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. Affects: 4.0.0-4.0.6, 4.1.0-4.1.36 **Low: Session hi-jacking** [CVE-2007-3385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385>) Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker. Affects: 4.1.0-4.1.36 **Low: Session hi-jacking** [CVE-2007-5333](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333>) The previous fix for [CVE-2007-3385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385>) was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 4.1.0-4.1.36 **Important: Information disclosure** [CVE-2007-5461](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461>) When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned to the client. Affects: 4.0.0-4.0.6, 4.1.0-4.1.36


Affected Software


CPE Name Name Version
apache tomcat 4.0.0
apache tomcat 4.0.1
apache tomcat 4.0.6
apache tomcat 4.1.0
apache tomcat 4.1.36

Related