Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of vulnerabilities were found in Tomcat :

A directory traversal vulnerability, when using certain proxy modules,
allows a remote attacker to read arbitrary files via a .. (dot dot)
sequence with various slash, backslash, or url-encoded backslash
characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files
allow remote attackers to inject arbitrary web script or HTML
(CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host
Manager web applications allow remote authenticated users to inject
arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could
cause sensitive information such as session IDs to be leaked and allow
remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the ' character sequence in a cookie
value, which could cause sensitive information such as session IDs to
be leaked and allow remote attackers to conduct session hijacking
attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet
allowed remote attackers to inject arbitrary HTML and web script via
crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain
configurations, allows remote authenticated users to read arbitrary
files via a WebDAV write request that specifies an entity with a
SYSTEM tag (CVE-2007-5461).

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 38147 (mandrake_MDKSA-2007-241.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0450
CVE-2007-2449
CVE-2007-2450
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
CVE-2007-5461

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now