Synopsis: Important: tomcat5 security update Issue date: 2011-03-09 CVE Names: CVE-2010-4476 A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476) Tomcat must be restarted for this update to take effect. SL 5.x SRPMS: tomcat5-5.5.23-0jpp.17.el5_6.src.rpm i386: tomcat5-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-common-lib-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-jasper-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-server-lib-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm tomcat5-webapps-5.5.23-0jpp.17.el5_6.i386.rpm x86_64: tomcat5-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm -Connie Sieh -Troy Dawson