Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)

Medium Nessus Plugin ID 38147

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A number of vulnerabilities were found in Tomcat :

A directory traversal vulnerability, when using certain proxy modules, allows a remote attacker to read arbitrary files via a .. (dot dot) sequence with various slash, backslash, or url-encoded backslash characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files allow remote attackers to inject arbitrary web script or HTML (CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the ' character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag (CVE-2007-5461).

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 38147

File Name: mandrake_MDKSA-2007-241.nasl

Version: 1.12

Type: local

Published: 2009/04/23

Updated: 2018/07/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:tomcat5, p-cpe:/a:mandriva:linux:tomcat5-admin-webapps, p-cpe:/a:mandriva:linux:tomcat5-common-lib, p-cpe:/a:mandriva:linux:tomcat5-jasper, p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc, p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api, p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc, p-cpe:/a:mandriva:linux:tomcat5-server-lib, p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api, p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc, p-cpe:/a:mandriva:linux:tomcat5-webapps, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0

Patch Publication Date: 2007/12/10

Reference Information

CVE: CVE-2007-0450, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5461

MDKSA: 2007:241

CWE: 22, 79, 200