SynopsisThe remote Debian host is missing a security-related update.
DescriptionVarious vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found on the Apache Tomcat 5 vulnerabilities page.
SolutionUpgrade the tomcat5.5 packages.
For the oldstable distribution (lenny), this problem has been fixed in version 5.5.26-5lenny2.
The stable distribution (squeeze) no longer contains tomcat5.5.
tomcat6 is already fixed.