Advisories MDKSA-2007:241: Updated tomcat5 packages fix multiple vulnerabilities

[paul]

A number of vulnerabilities were found in Tomcat:

 

A directory traversal vulnerability, when using certain proxy modules,

allows a remote attacker to read arbitrary files via a .. (dot dot)

sequence with various slash, backslash, or url-encoded backslash

characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

 

Multiple cross-site scripting vulnerabilities in certain JSP files

allow remote attackers to inject arbitrary web script or HTML

(CVE-2007-2449).

 

Multiple cross-site scripting vulnerabilities in the Manager and Host

Manager web applications allow remote authenticated users to inject

arbitrary web script or HTML (CVE-2007-2450).

 

Tomcat treated single quotes as delimiters in cookies, which could

cause sensitive information such as session IDs to be leaked and allow

remote attackers to conduct session hijacking attacks (CVE-2007-3382).

 

Tomcat did not properly handle the " character sequence in a cookie

value, which could cause sensitive information such as session IDs

to be leaked and allow remote attackers to conduct session hijacking

attacks (CVE-2007-3385).

 

A cross-site scripting vulnerability in the Host Manager servlet

allowed remote attackers to inject arbitrary HTML and web script via

crafted attacks (CVE-2007-3386).

 

Finally, an absolute path traversal vulnerability, under certain

configurations, allows remote authenticated users to read arbitrary

files via a WebDAV write request that specifies an entity with a

SYSTEM tag (CVE-2007-5461).

 

The updated packages have been patched to correct these issues.