Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)

Medium Nessus Plugin ID 28257

Synopsis

The remote Fedora host is missing a security update.

Description

Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 7.

This update includes fixes to the following :

- CVE-2007-1355

- CVE-2007-3386

- CVE-2007-3385

- CVE-2007-3382

- CVE-2007-2450

- CVE-2007-2449

- CVE-2007-5461

- CVE-2007-1358

All users of tomcat are advised to update to these packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

CPE: p-cpe:/a:fedoraproject:fedora:tomcat5, p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps, p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib, p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo, p-cpe:/a:fedoraproject:fedora:tomcat5-jasper, p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse, p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc, p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api, p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc, p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib, p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api, p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc, p-cpe:/a:fedoraproject:fedora:tomcat5-webapps, cpe:/o:fedoraproject:fedora:7

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/11/17

Reference Information

CVE: CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5461

BID: 24475, 24476, 24524, 25316, 26070

FEDORA: 2007-3456

CWE: 22, 79, 200

Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information