SynopsisThe remote openSUSE host is missing a security update.
DescriptionFixed various issues in tomcat :
- CVE-2007-3382: Handling of cookies containing a ' character
- CVE-2007-3385: Handling of \' in cookies
- CVE-2007-5641: tomcat path traversal / information leak
- CVE-2007-1860: directory traversal
- CVE-2007-3386: tomcat XSS
- CVE-2007-5342: insufficient access restrictions
Additionally the dbcp namespace in commons-dbcp.jar was fixed.
SolutionUpdate the affected apache2-mod_jk packages.