Written by Tomasz Kuczynski, Poznan Supercomputing   
Wednesday, 18 February 2009 20:56
Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities


-\\Bugtraq ID:
25316

-\\Class:
Input Validation Error

-\\CVE:
CVE-2007-3382
CVE-2007-3385


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Aug 14 2007 12:00AM

-\\Updated:
Feb 18 2009 06:08PM

-\\Credit:
These issues were discovered by Tomasz Kuczynski, Poznan Supercomputing



-\\Vulnerable:
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386  
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. SUSE Linux Enterprise Server  9 SP3
S.u.S.E. SUSE Linux Enterprise Server  10 SP2
S.u.S.E. SUSE Linux Enterprise Server  10 SP1
S.u.S.E. SUSE Linux Enterprise Server  10
S.u.S.E. SUSE Linux Enterprise Desktop  10 SP1
S.u.S.E. SUSE Linux Enterprise Desktop  10
S.u.S.E. SUSE Linux Enterprise  10 SP1 DEBUGINFO
S.u.S.E. SLE SDK  10.SP1
S.u.S.E. SLE SDK  10
S.u.S.E. openSUSE  10.3
S.u.S.E. openSUSE  10.2
S.u.S.E. openSUSE  10.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server  1
S.u.S.E. Open-Enterprise-Server  0
S.u.S.E. Office Server  
S.u.S.E. Novell Linux POS  9
S.u.S.E. Novell Linux Desktop SDK 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Novell Linux Desktop  9
S.u.S.E. Linux Professional 10.0  OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional  10.2 x86_64
S.u.S.E. Linux Professional  10.2
S.u.S.E. Linux Professional  10.1
S.u.S.E. Linux Personal 10.0  OSS
S.u.S.E. Linux Personal  10.2 x86_64
S.u.S.E. Linux Personal  10.2
S.u.S.E. Linux Personal  10.1
S.u.S.E. Linux Openexchange Server  
S.u.S.E. Linux Office Server  
S.u.S.E. Linux Enterprise Server  9
S.u.S.E. Linux Enterprise Server  8
S.u.S.E. Linux Enterprise Server  10.SP1
S.u.S.E. Linux Enterprise Server  10
S.u.S.E. Linux Enterprise SDK  10 SP1
S.u.S.E. Linux Enterprise SDK  10
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Desktop  10
S.u.S.E. Linux  10.1 x86-64
S.u.S.E. Linux  10.1 x86
S.u.S.E. Linux  10.1 ppc
S.u.S.E. Linux  10.0 x86-64
S.u.S.E. Linux  10.0 x86
S.u.S.E. Linux  10.0 ppc
RedHat Red Hat Network Satellite Server 5.0
RedHat Red Hat Network Satellite Server  4.2
RedHat Red Hat Network Satellite Server  4.1
RedHat Red Hat Network Satellite Server  4.0
RedHat Network Satellite (for RHEL 4)   4.2
RedHat Fedora 7  0
RedHat Enterprise Linux Desktop Workstation  5 client
RedHat Enterprise Linux Desktop  5 client
RedHat Enterprise Linux  5 server
RedHat Developer Suite EL4  3
RedHat  Network Satellite (for RHEL 3)  4.2
MandrakeSoft Linux Mandrake  2008.0 x86_64
MandrakeSoft Linux Mandrake  2008.0
MandrakeSoft Linux Mandrake  2007.1 x86_64
MandrakeSoft Linux Mandrake  2007.1
HP Tru64 UNIX   5.1B-4
HP Tru64 UNIX   5.1.0 PK6
HP Tru64 UNIX   5.1.0 B-4
HP Tru64 UNIX   5.1.0 B-3
HP Internet Express  6.7
HP Internet Express  6.6
HP Internet Express  6.5
HP HP-UX  B.11.31
HP HP-UX  B.11.23
HP HP-UX  B.11.11
Debian Linux  4.0 sparc
Debian Linux  4.0 s/390
Debian Linux  4.0 powerpc
Debian Linux  4.0 mipsel
Debian Linux  4.0 mips
Debian Linux  4.0 m68k
Debian Linux  4.0 ia-64
Debian Linux  4.0 ia-32
Debian Linux  4.0 hppa
Debian Linux  4.0 arm
Debian Linux  4.0 amd64
Debian Linux  4.0 alpha
Debian Linux  4.0
Computer Associates Cohesion Application Configuration Manager  4.5
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9
Apache Software Foundation Tomcat 5.5.8
Apache Software Foundation Tomcat 5.5.7
Apache Software Foundation Tomcat 5.5.6
Apache Software Foundation Tomcat 5.5.5
Apache Software Foundation Tomcat 5.5.4
Apache Software Foundation Tomcat 5.5.3
Apache Software Foundation Tomcat 5.5.2
Apache Software Foundation Tomcat 5.5.1
Apache Software Foundation Tomcat 5.5
Apache Software Foundation Tomcat 5.0.30
Apache Software Foundation Tomcat 5.0.28
Apache Software Foundation Tomcat 5.0.19
Apache Software Foundation Tomcat 5.0.16
Apache Software Foundation Tomcat 5.0.15
Apache Software Foundation Tomcat 5.0.14
Apache Software Foundation Tomcat 5.0.13
Apache Software Foundation Tomcat 5.0.12
Apache Software Foundation Tomcat 5.0.11
Apache Software Foundation Tomcat 5.0.10
Apache Software Foundation Tomcat 5.0.9
Apache Software Foundation Tomcat 5.0.8
Apache Software Foundation Tomcat 5.0.7
Apache Software Foundation Tomcat 5.0.6
Apache Software Foundation Tomcat 5.0.5
Apache Software Foundation Tomcat 5.0.4
Apache Software Foundation Tomcat 5.0.3
Apache Software Foundation Tomcat 5.0.2
Apache Software Foundation Tomcat 5.0.1
Apache Software Foundation Tomcat 5.0
Apache Software Foundation Tomcat 4.1.36
Apache Software Foundation Tomcat 4.1.34
Apache Software Foundation Tomcat 4.1.24
Apache Software Foundation Tomcat 4.1.12
Apache Software Foundation Tomcat 4.1.10
Apache Software Foundation Tomcat 4.1
-BSDI BSD/OS 4.0
-Caldera OpenLinux 2.4
-Conectiva Linux 5.1
-Debian Linux 2.3
-Debian Linux 2.2
-Debian Linux 2.1
-Digital UNIX 4.0
-FreeBSD FreeBSD 5.0
-FreeBSD FreeBSD 4.5
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.0
-NetBSD NetBSD 1.4.2  x86
-NetBSD NetBSD 1.4.1  x86
-RedHat Linux 6.2  i386
-RedHat Linux 6.1  i386
-SGI IRIX 6.5
-SGI IRIX 6.4
-SGI IRIX 3.3
-Sun Solaris  8
-Sun Solaris  7.0
Apache Software Foundation Tomcat 3.3.2
Apache Software Foundation Tomcat 3.3.1 a
Apache Software Foundation Tomcat 3.3.1
Apache Software Foundation Tomcat 3.3
-BSDI BSD/OS 4.0
-Caldera OpenLinux 2.4
-Conectiva Linux 5.1
-Debian Linux 2.2
-Debian Linux 2.1
-Digital UNIX 4.0
-FreeBSD FreeBSD 5.0
-FreeBSD FreeBSD 4.0
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.0
-NetBSD NetBSD 1.4.2  x86
-NetBSD NetBSD 1.4.1  x86
-RedHat Linux 6.2  i386
-RedHat Linux 6.1  i386
-SGI IRIX 6.5
-SGI IRIX 6.4
-Sun Solaris  8
-Sun Solaris  7.0
Apache Software Foundation Tomcat  5.0



-\\Not Vulnerable:
Computer Associates Cohesion Application Configuration Manager  4.5 SP1
Apache Software Foundation Tomcat 6.0.14



-\\Discussion
Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.14 are vulnerable.



-\\Exploit(s)/PoC(s):
The following example URIs are available:

http://www.example.com:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B
http://www.example.com:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B
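
A detection example added here, not part of the original advisory: the Python below decodes the query string of access-log request lines and flags parameters whose decoded values contain the `\"`, `'`, `;` or cookie-attribute sequences present in the example URIs above. The log lines are constructed around those URIs; the function name, check labels and 192.0.2.x client addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Sequences that act as delimiters or attributes once a request value is
# copied into a cookie. Labels are illustrative, not from the advisory.
CHECKS = [
    ("backslash-quote", re.compile(r'\\"')),   # the \" case (CVE-2007-3385)
    ("single-quote", re.compile(r"'")),        # the ' case (CVE-2007-3382)
    ("semicolon", re.compile(r";")),
    ("cookie-attribute", re.compile(r"\b(expires|path|domain|max-age)\s*=", re.I)),
]

# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return {param: [labels]} for query parameters whose URL-decoded
    value contains cookie metacharacters; {} if nothing is flagged."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return {}
    findings = {}
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        labels = [label for label, rx in CHECKS if rx.search(value)]
        if labels:
            findings[name] = labels
    return findings

# Constructed sample log lines: the two request targets from the advisory's
# example URIs plus one benign request to the same servlet.
SAMPLE_LINES = [
    '192.0.2.10 - - [14/Aug/2007:12:00:00 +0000] "GET /examples/servlets/servlet/'
    'CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan'
    '+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B HTTP/1.1" 200 1432',
    '192.0.2.11 - - [14/Aug/2007:12:00:05 +0000] "GET /servlets-examples/servlet/'
    'CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C'
    '+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B'
    ' HTTP/1.1" 200 1432',
    '192.0.2.12 - - [14/Aug/2007:12:00:09 +0000] "GET /examples/servlets/servlet/'
    'CookieExample?cookiename=theme&cookievalue=dark HTTP/1.1" 200 1398',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        hits = flag_request(line)
        client = line.split()[0]
        print(client, "FLAGGED" if hits else "ok", hits)
```

Legitimate parameters can contain `;` or `'`, so hits are most useful when restricted to endpoints known to copy request values into cookies.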



-\\Solution
The vendor has released Tomcat 6.0.14 to address these issues. Please see the references for more information.


Apache Software Foundation Tomcat  5.0
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 3.3
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 4.1
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 4.1.12
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.1
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.13
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.14
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.15
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.5
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.6
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.0.9
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.1
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.11
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.12
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.14
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.16
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.19
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.2
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.21
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.22
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.23
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.4
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 5.5.7
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 6.0
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 6.0.10
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 6.0.5
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 6.0.7
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz

Apache Software Foundation Tomcat 6.0.8
--Apache Software Foundation  apache-tomcat-6.0.14.tar.gz
http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.ghttp://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz



-\\Reference(s)
--About the security content of Security Update 2008-004 and Mac OS X 10.5.4
http://support.apple.com/kb/HT216  (Apple)
--Apache Tomcat 6.x vulnerabilities
http://tomcat.apache.org/security-6.htm  (Apache)
--Apache Tomcat Homepage
http://tomcat.apache.org  (Apache)
--RHSA-2007:0871-5 - tomcat security update
https://rhn.redhat.com/errata/RHSA-2007-0871.htm  (RedHat)
--CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
http://www.securityfocus.com/archive/1/50041  ("Williams, James K")
--CVE-2007-3382: Handling of cookies containing a ' character
http://www.securityfocus.com/archive/1/47644  (Mark Thomas)
--CVE-2007-3385: Handling of \" in cookies
http://www.securityfocus.com/archive/1/47644  (Mark Thomas)
--CA20090123-01: Security Notice for Cohesion Tomcat
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=19754  (Computer Associates)
--RHSA-2007:1069-5 Moderate: tomcat security update for Red Hat Network Satellite
http://rhn.redhat.com/errata/RHSA-2007-1069.htm  (Red Hat)
--RHSA-2008:0195-5 tomcat security update
http://rhn.redhat.com/errata/RHSA-2008-0195.htm  (Red Hat)
--RHSA-2008:0261-4 Moderate: Red Hat Network Satellite Server security update
http://rhn.redhat.com/errata/RHSA-2008-0261.htm  (Red Hat)
--RHSA-2008:0524-4 Red Hat Network Satellite Server security update
http://rhn.redhat.com/errata/RHSA-2008-0524.htm  (Red Hat)
 
