Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:030)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in tomcat5 :

When running under a SecurityManager, access to the file system is
limited but web applications are granted read/write permissions to the
work directory. This directory is used for a variety of temporary
files such as the intermediate files generated when compiling JSPs to
Servlets. The location of the work directory is specified by a
ServletContect attribute that is meant to be read-only to web
applications. However, due to a coding error, the read-only setting
was not applied. Therefore, a malicious web application may modify the
attribute before Tomcat applies the file permissions. This can be used
to grant read/write permissions to any area on the file system which a
malicious web application may then take advantage of. This
vulnerability is only applicable when hosting web applications from
untrusted sources such as shared hosting environments (CVE-2010-3718).

The HTML Manager interface displayed web application provided data,
such as display names, without filtering. A malicious web application
could trigger script execution by an administrative user when viewing
the manager pages (CVE-2011-0013).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 52035 ()

Bugtraq ID: 46174
46177

CVE ID: CVE-2010-3718
CVE-2011-0013

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now