Written by John Kew and Ishikawa Yoshihiro via JPCERT/CC   
Wednesday, 11 March 2009 22:11
Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability


-\\Bugtraq ID:
27706

-\\Class:
Input Validation Error

-\\CVE:
CVE-2007-5333


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Feb 09 2008 12:00AM

-\\Updated:
Mar 11 2009 05:46PM

-\\Credit:
John Kew and Ishikawa Yoshihiro via JPCERT/CC are credited with the discovery of this vulnerability.



-\\Vulnerable:
WiKID Systems WiKID Server 3.0.4
VMWare VirtualCenter Management Server  2
VMWare ESX Server 3.0.2
VMWare ESX Server 3.0.1
VMWare ESX Server  3.5
S.u.S.E. SUSE Linux Enterprise Server  10 SP2
RedHat Fedora 8  0
RedHat Fedora 7  0
Pardus Linux 2008  0
MandrakeSoft Linux Mandrake  2008.1 x86_64
MandrakeSoft Linux Mandrake  2008.1
IBM Tivoli Netcool/Webtop 2.1 Fix Pack 4
IBM Tivoli Netcool/Webtop 2.1
IBM Tivoli Netcool/Webtop 1.3.1
Gentoo www-servers/tomcat 6.0.15
Gentoo www-servers/tomcat 6.0.14
Gentoo www-servers/tomcat 6.0.13
Gentoo www-servers/tomcat 6.0.12
Gentoo www-servers/tomcat 6.0.11
Gentoo www-servers/tomcat 6.0.10
Gentoo www-servers/tomcat 6.0.9
Gentoo www-servers/tomcat 6.0.8
Gentoo www-servers/tomcat 6.0.7
Gentoo www-servers/tomcat 6.0.6
Gentoo www-servers/tomcat 6.0.5
Gentoo www-servers/tomcat 6.0.4
Gentoo www-servers/tomcat 6.0.3
Gentoo www-servers/tomcat 6.0.2
Gentoo www-servers/tomcat 6.0.1
Gentoo www-servers/tomcat 6.0
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.25
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9
Apache Software Foundation Tomcat 5.5.8
Apache Software Foundation Tomcat 5.5.7
Apache Software Foundation Tomcat 5.5.6
Apache Software Foundation Tomcat 5.5.5
Apache Software Foundation Tomcat 5.5.4
Apache Software Foundation Tomcat 5.5.3
Apache Software Foundation Tomcat 5.5.2
Apache Software Foundation Tomcat 5.5.1
Apache Software Foundation Tomcat 5.5
Apache Software Foundation Tomcat 5.4
Apache Software Foundation Tomcat 5.3
Apache Software Foundation Tomcat 5.2
Apache Software Foundation Tomcat 5.1
Apache Software Foundation Tomcat 5.0.31
Apache Software Foundation Tomcat 5.0.30
Apache Software Foundation Tomcat 5.0.28
Apache Software Foundation Tomcat 5.0.19
Apache Software Foundation Tomcat 5.0.16
Apache Software Foundation Tomcat 5.0.15
Apache Software Foundation Tomcat 5.0.14
Apache Software Foundation Tomcat 5.0.13
Apache Software Foundation Tomcat 5.0.12
Apache Software Foundation Tomcat 5.0.11
Apache Software Foundation Tomcat 5.0.10
Apache Software Foundation Tomcat 5.0.9
Apache Software Foundation Tomcat 5.0.8
Apache Software Foundation Tomcat 5.0.7
Apache Software Foundation Tomcat 5.0.6
Apache Software Foundation Tomcat 5.0.5
Apache Software Foundation Tomcat 5.0.4
Apache Software Foundation Tomcat 5.0.3
Apache Software Foundation Tomcat 5.0.2
Apache Software Foundation Tomcat 5.0.1
Apache Software Foundation Tomcat 5.0
Apache Software Foundation Tomcat 4.1.36
Apache Software Foundation Tomcat 4.1.34
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.32
Apache Software Foundation Tomcat 4.1.31
Apache Software Foundation Tomcat 4.1.24
Apache Software Foundation Tomcat 4.1.12
Apache Software Foundation Tomcat 4.1.10
Apache Software Foundation Tomcat 4.1.9 beta
Apache Software Foundation Tomcat 4.1.3 beta
Apache Software Foundation Tomcat 4.1
-BSDI BSD/OS 4.0
-Caldera OpenLinux 2.4
-Conectiva Linux 5.1
-Debian Linux 2.3
-Debian Linux 2.2
-Debian Linux 2.1
-Digital UNIX 4.0
-FreeBSD FreeBSD 5.0
-FreeBSD FreeBSD 4.5
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.0
-NetBSD NetBSD 1.4.2  x86
-NetBSD NetBSD 1.4.1  x86
-RedHat Linux 6.2  i386
-RedHat Linux 6.1  i386
-SGI IRIX 6.5
-SGI IRIX 6.4
-SGI IRIX 3.3
-Sun Solaris  8
-Sun Solaris  7.0



-\\Not Vulnerable:
WiKID Systems WiKID Server 3.0.5
IBM Tivoli Netcool/Webtop 2.1 Fix Pack 5
IBM Tivoli Netcool/Webtop 1.3.13
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 5.5.26
Apache Software Foundation Tomcat 4.1.37



-\\Discussion
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.16 and 5.5.26 are vulnerable.

NOTE: This vulnerability is caused by an incomplete fix for BID 25316 - Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities (CVE-2007-3385).



-\\Exploit(s)/PoC(s):
The following examples are available:

+++
GET /myapp/MyCookies HTTP/1.1
Host: localhost
Cookie: name="val " ue"
Cookie: name1=moi
+++

http://www.example.com/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B
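
A defensive check for the two request shapes shown above, as an added example that is not part of the original advisory or of Tomcat itself: it flags Cookie header values whose double quotes are not a single enclosing pair, and query parameters that decode to a quote or backslash followed by `;`. The function names, reason labels and the benign request are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# RFC 6265 cookie-octet: printable ASCII minus space, DQUOTE, comma, ';' and '\'.
COOKIE_OCTETS = re.compile(r'^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$')
# A quote or backslash followed later by ';' in a decoded parameter value.
QUOTE_THEN_DELIM = re.compile(r'["\\].*;')

# Requests as shown on this page (request line and Host added to the second one).
POC_COOKIE_REQUEST = (
    'GET /myapp/MyCookies HTTP/1.1\r\n'
    'Host: localhost\r\n'
    'Cookie: name="val " ue"\r\n'
    'Cookie: name1=moi\r\n\r\n'
)
POC_QUERY_REQUEST = (
    'GET /examples/servlets/servlet/CookieExample?cookiename=test&cookievalue='
    'test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B'
    '+Path%3D%2Fservlets-examples%2Fservlet+%3B HTTP/1.1\r\n'
    'Host: www.example.com\r\n\r\n'
)
# Constructed benign request for comparison.
BENIGN_REQUEST = (
    'GET /myapp/home HTTP/1.1\r\n'
    'Host: localhost\r\n'
    'Cookie: theme="dark"; lang=en\r\n\r\n'
)


def check_cookie_value(raw):
    """Return the reasons a raw cookie value is malformed (empty list if clean)."""
    value = raw.strip()
    # One balanced pair of enclosing quotes is the only legal use of DQUOTE.
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    reasons = []
    if '"' in value:
        reasons.append("embedded-or-unbalanced-quote")
    if "\\" in value:
        reasons.append("backslash")
    if not reasons and not COOKIE_OCTETS.match(value):
        reasons.append("illegal-octet")
    return reasons


def scan_request(raw_request):
    """Return (location, name, reasons) findings for one raw HTTP request."""
    findings = []
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    target = lines[0].split(" ")[1] if lines[0].count(" ") >= 1 else ""
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if QUOTE_THEN_DELIM.search(value):
            findings.append(("query", name, ["quote-or-backslash-before-semicolon"]))
    for line in lines[1:]:
        header, _, content = line.partition(":")
        if header.strip().lower() != "cookie":
            continue
        for pair in content.split(";"):
            name, _, value = pair.partition("=")
            reasons = check_cookie_value(value)
            if name.strip() and reasons:
                findings.append(("cookie", name.strip(), reasons))
    return findings
```

A check like this is useful on proxy or access-log captures in front of Tomcat versions listed as vulnerable; upgrading to the fixed releases remains the remedy.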



-\\Solution
The vendor has released Tomcat 6.0.16, 5.5.26, and 4.1.37 to address this issue. Please see the references for more information.


MandrakeSoft Linux Mandrake  2008.1 x86_64
--Mandriva  tomcat5-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake  2008.1
--Mandriva  tomcat5-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/

Apple Mac OS X Server 10.5.5
--Apple  SecUpdSrvr2008-007.dmg
http://www.apple.com/support/downloads/securityupdate2008007serverleopard.html

Apache Software Foundation Tomcat 4.1
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 4.1.12
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 4.1.3 beta
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 4.1.31
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 4.1.32
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 4.1.34
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 4.1.9 beta
--Apache Software Foundation  apache-tomcat-4.1.37.tar.gz
http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz

Apache Software Foundation Tomcat 5.5.1
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.10
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.11
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.12
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.14
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.16
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.19
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.2
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.21
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.22
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 5.5.23
--Apache Software Foundation  apache-tomcat-5.5.26.tar.gz
http://mirror.csclub.uwaterloo.ca/apache/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

Apache Software Foundation Tomcat 6.0
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.10
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.11
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.13
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.15
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.3
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.5
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.7
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz

Apache Software Foundation Tomcat 6.0.8
--Apache Software Foundation  apache-tomcat-6.0.16.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz



-\\Reference(s)
--About the security content of Security Update 2008-004 and Mac OS X 10.5.4
http://support.apple.com/kb/HT216  (Apple)
--Apache Tomcat 4.x vulnerabilities
http://tomcat.apache.org/security-4.htm  (Apache)
--Apache Tomcat 5.x vulnerabilities
http://tomcat.apache.org/security-5.htm  (Apache)
--Apache Tomcat 6.x vulnerabilities
http://tomcat.apache.org/security-6.htm  (Apache)
--Apache Tomcat Homepage
http://tomcat.apache.org  (Apache)
--Fix list for Webtop Version 1.3.13
http://www-01.ibm.com/support/docview.wss?uid=swg2701204  (IBM)
--Fix list for Webtop Version 2.1
http://www-01.ibm.com/support/docview.wss?uid=swg2701204  (IBM)
--Release Name: 3.0.5
https://sourceforge.net/project/shownotes.php?release_id=626903&group_id=14477  (WiKID Systems)
--Tivoli Netcool Webtop 2.1.0 Fix Pack 5, 2.1.0-TIV-NCWebtop-FP0005
http://www-01.ibm.com/support/docview.wss?uid=swg2401893  (IBM)
--[SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities
http://www.securityfocus.com/archive/1/48782  (Mark Thomas)
 
