Synopsis:	Moderate: tomcat security update
Issue date:	2007-07-17
CVE Names:	CVE-2007-2449 CVE-2007-2450
		CVE-2005-2090 CVE-2006-7195 CVE-2007-0450

Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on
a production system.

The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).

Tomcat was found to accept multiple Content-Length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting attacks.
(CVE-2005-2090)
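The check a conforming HTTP parser (or a front-end proxy) should make for the flaw above, as an added illustration that is not part of this advisory or of Tomcat's code: a request carrying more than one Content-Length header, or a non-numeric one, is rejected rather than letting the two ends of the connection disagree about where the body ends. RFC 7230 section 3.3.2 permits a recipient to reject such a message outright, which is the stance taken here. The sample requests and the helper names (parse_headers, effective_content_length, check_request) are constructed for this example.

```python
import re
from typing import List, Optional, Tuple


class MalformedRequest(ValueError):
    """Raised when a request head must be rejected rather than interpreted."""


def parse_headers(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request head into (request line, [(name, value), ...]).

    Names are lower-cased; duplicate fields are kept in order so that the
    caller can see them instead of having the last one silently win.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    if not lines or not lines[0]:
        raise MalformedRequest("missing request line")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # No colon, empty name, or whitespace before the colon: refuse to guess.
        if not sep or not name or name != name.strip():
            raise MalformedRequest(f"bad header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def effective_content_length(headers: List[Tuple[str, str]]) -> Optional[int]:
    """Return the single usable Content-Length, or None if the field is absent.

    Rejects: more than one Content-Length field, a value that is not a plain
    decimal number, and Content-Length combined with Transfer-Encoding.
    """
    values = [v for n, v in headers if n == "content-length"]
    has_te = any(n == "transfer-encoding" for n, _ in headers)
    if values and has_te:
        raise MalformedRequest("both Transfer-Encoding and Content-Length present")
    if not values:
        return None
    if len(values) > 1:
        raise MalformedRequest("multiple Content-Length headers")
    if not re.fullmatch(r"[0-9]+", values[0]):
        raise MalformedRequest("non-numeric Content-Length")
    return int(values[0])


def check_request(raw: bytes) -> Tuple[bool, str]:
    """Convenience wrapper: (accepted, reason-or-summary) for a raw request head."""
    try:
        _, headers = parse_headers(raw)
        length = effective_content_length(headers)
    except MalformedRequest as exc:
        return False, str(exc)
    return True, f"content-length={length}"


# Constructed sample requests (example.invalid is a reserved, non-routable name).
CONFORMING = (b"POST /app/submit HTTP/1.1\r\n"
              b"Host: example.invalid\r\n"
              b"Content-Length: 5\r\n\r\nhello")

# Two Content-Length fields that disagree: a cache or WAF in front of the
# server may frame the body one way while the server frames it another.
CONFLICTING = (b"POST /app/submit HTTP/1.1\r\n"
               b"Host: example.invalid\r\n"
               b"Content-Length: 5\r\n"
               b"Content-Length: 30\r\n\r\nhello")

TE_AND_CL = (b"POST /app/submit HTTP/1.1\r\n"
             b"Host: example.invalid\r\n"
             b"Transfer-Encoding: chunked\r\n"
             b"Content-Length: 5\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("conforming", CONFORMING),
                       ("conflicting", CONFLICTING),
                       ("te+cl", TE_AND_CL)):
        print(label, check_request(req))
```

Folding two identical Content-Length values into one is also permitted by the RFC; rejecting is simpler to reason about and is what you want in front of a cache or WAF, since every hop then frames the body the same way or not at all.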

Tomcat permitted various characters as path delimiters. If Tomcat was used
behind certain proxies and configured to only proxy some contexts, an
attacker could construct an HTTP request to work around the context
restriction and potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples webapp displayed a
number of unfiltered header values. If the JSP examples were accessible,
this flaw could allow a remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)
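The three cross-site scripting items above (CVE-2007-2449, CVE-2007-2450 and CVE-2006-7195) share one root cause: request data was written into an HTML page without escaping. The following is an added example, not code from this advisory or from Tomcat, showing the flawed pattern beside the corrected one in Python so it can be run stand-alone; the header values, the rendering functions and the review helper untrusted_markup_survives are constructed for this example.

```python
import html
from typing import Dict, List

# Constructed sample: request header values as a page that echoes headers
# back to the client would see them. The Referer value carries markup so the
# difference between the two renderers is visible.
SAMPLE_HEADERS: Dict[str, str] = {
    "Host": "example.invalid",
    "User-Agent": "Mozilla/5.0 (constructed)",
    "Referer": 'http://example.invalid/?q="><b>injected</b>',
}


def render_unescaped(headers: Dict[str, str]) -> str:
    """The flawed pattern: values are concatenated straight into HTML."""
    rows = "".join(f"<tr><td>{name}</td><td>{value}</td></tr>"
                   for name, value in headers.items())
    return f"<table>{rows}</table>"


def render_escaped(headers: Dict[str, str]) -> str:
    """The corrected pattern: every untrusted value passes through an HTML escaper.

    quote=True also encodes " and ', which matters when a value ends up inside
    an attribute rather than between tags.
    """
    rows = "".join(
        f"<tr><td>{html.escape(name, quote=True)}</td>"
        f"<td>{html.escape(value, quote=True)}</td></tr>"
        for name, value in headers.items()
    )
    return f"<table>{rows}</table>"


def untrusted_markup_survives(rendered: str, headers: Dict[str, str]) -> List[str]:
    """Review check: which input values containing markup-significant characters
    still appear verbatim in the rendered output?"""
    special = set('<>"\'&')
    return [value for value in headers.values()
            if special.intersection(value) and value in rendered]


if __name__ == "__main__":
    for renderer in (render_unescaped, render_escaped):
        page = renderer(SAMPLE_HEADERS)
        print(renderer.__name__, "leaks:", untrusted_markup_survives(page, SAMPLE_HEADERS))
```

In a JSP the equivalent of render_escaped is emitting values through `<c:out>` or `fn:escapeXml()` from JSTL instead of a bare `<%= %>` expression; the review check is the same either way, in that no value containing `<`, `>`, `"`, `'` or `&` should reach the response unchanged.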

SL 5.x

   SRPMS:
tomcat5-5.5.23-0jpp.1.0.4.el5.src.rpm
jakarta-commons-modeler-1.1-8jpp.1.0.2.el5.src.rpm
   i386:
jakarta-commons-modeler-1.1-8jpp.1.0.2.el5.i386.rpm
jakarta-commons-modeler-javadoc-1.1-8jpp.1.0.2.el5.i386.rpm
tomcat5-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-jasper-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5.i386.rpm
tomcat5-webapps-5.5.23-0jpp.1.0.4.el5.i386.rpm
   x86_64:
jakarta-commons-modeler-1.1-8jpp.1.0.2.el5.x86_64.rpm
jakarta-commons-modeler-javadoc-1.1-8jpp.1.0.2.el5.x86_64.rpm
tomcat5-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.1.0.4.x86_64.rpm

-Connie Sieh
-Troy Dawson