GLSA-200804-10 : Tomcat: Multiple vulnerabilities

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200804-10
(Tomcat: Multiple vulnerabilities)

The following vulnerabilities were reported:

- Delian Krustev discovered that the JULI logging component does not
  properly enforce access restrictions, allowing a web application to
  add or overwrite files (CVE-2007-5342).
- When the native APR connector is used, Tomcat does not properly handle
  an empty request to the SSL port, which allows remote attackers to
  trigger handling of a duplicate copy of one of the recent requests
  (CVE-2007-6286).
- If the processing of parameters is interrupted, i.e. by an exception,
  then it is possible for the parameters to be processed as part of a
  later request (CVE-2008-0002).
- An absolute path traversal vulnerability exists due to the way that
  WebDAV write requests are handled (CVE-2007-5461).
- Tomcat does not properly handle double quote (") characters or %5C
  (encoded backslash) sequences in a cookie value, which might cause
  sensitive information such as session IDs to be leaked to remote
  attackers and enable session hijacking attacks (CVE-2007-5333).

Impact :

These vulnerabilities can be exploited by:

- a malicious web application to add or overwrite files with the
  permissions of the user running Tomcat.
- a remote attacker to conduct session hijacking or disclose sensitive
  data.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200804-10.xml

Solution :

All Tomcat 5.5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/tomcat-5.5.26'

All Tomcat 6.0.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.16'

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 31957 (gentoo_GLSA-200804-10.nasl)

Bugtraq ID:

CVE ID: CVE-2007-5333
CVE-2007-5342
CVE-2007-5461
CVE-2007-6286
CVE-2008-0002