SuSE Security Update: Security update for Tomcat 5 (tomcat5-6841)
Medium Nessus Plugin ID 45472
Synopsis
The remote SuSE system is missing the security patch tomcat5-6841
Description
This update of tomcat5/6 fixes:
CVE-2009-2693: CVSS v2 Base Score: 5.8
CVE-2009-2902: CVSS v2 Base Score: 4.3
Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.
CVE-2009-2901: CVSS v2 Base Score: 4.3
When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Solution
Install the security patch tomcat5-6841