Message-Id: <E1MIuua-0005OF-GU@titan.mandriva.com>
Date: Tue, 23 Jun 2009 03:35:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:138 ] tomcat5


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:138
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tomcat5
 Date    : June 22, 2009
 Affected: 2009.0, 2009.1
 _______________________________________________________________________

 Problem Description:

 Multiple security vulnerabilities have been identified and fixed
 in tomcat5:
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
 6.0.18, and possibly earlier versions normalizes the target pathname
 before filtering the query string when using the RequestDispatcher
 method, which allows remote attackers to bypass intended access
 restrictions and conduct directory traversal attacks via .. (dot dot)
 sequences and the WEB-INF directory in a Request (CVE-2008-5515).
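The ordering defect behind CVE-2008-5515 is easiest to see in code. The following is an added example, not code from the advisory or from Tomcat: it models a dispatcher target as a string, shows why normalising the whole target before separating the query string lets query-string content rewrite the path, and shows the corrected order (split the query string first, then normalise only the path). The helper names and the sample target are assumptions of this example; the final function is a generic guard for application code that builds a dispatcher path from request input.

```python
import posixpath
from urllib.parse import unquote

# Directories inside a servlet context that must never be reachable through
# a path built from request input.
PROTECTED_DIRS = ("WEB-INF", "META-INF")


def _normalise(path: str) -> str:
    """Collapse "." and ".." segments. The forced leading "/" keeps normpath
    from producing a result that climbs above the context root."""
    return posixpath.normpath("/" + path.lstrip("/"))


def resolve_target_vulnerable_order(target: str) -> tuple:
    """The CVE-2008-5515 pattern: normalise the complete target first and only
    then separate the query string. A ".." that sits inside the query string
    is treated as a path segment and folded into the path."""
    normalised = _normalise(target)
    path, _, query = normalised.partition("?")
    return path, query


def resolve_target_fixed_order(target: str) -> tuple:
    """Corrected order: split off the query string before normalising, so the
    query string can no longer change which resource the path resolves to."""
    path, _, query = target.partition("?")
    return _normalise(path), query


def is_protected_resource(path: str) -> bool:
    """Guard for application code that builds a dispatcher target from request
    input: percent-decode, normalise, then refuse anything whose resolved
    path enters WEB-INF or META-INF (case-insensitively, to be conservative)."""
    resolved = _normalise(unquote(path))
    return any(seg.upper() in PROTECTED_DIRS for seg in resolved.split("/"))


if __name__ == "__main__":
    # Constructed sample target (not taken from the advisory): a page request
    # whose query-string parameter carries a traversal sequence.
    sample = "/index.jsp?page=/../WEB-INF/web.xml"
    print("vulnerable order:", resolve_target_vulnerable_order(sample))
    print("fixed order:     ", resolve_target_fixed_order(sample))
    for candidate in ("/index.jsp", "/static/%2e%2e/WEB-INF/web.xml"):
        print(f"{candidate!r} protected? {is_protected_resource(candidate)}")
```

With the vulnerable order the sample target resolves to the path `/WEB-INF/web.xml` and an empty query string; with the fixed order the path stays `/index.jsp` and the traversal text remains inert inside the query string. The guard function is the check a web application should apply itself whenever it concatenates request data into a `RequestDispatcher` path, since the container's own filtering only covers the cases its own code anticipates.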
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
 through 6.0.18, when the Java AJP connector and mod_jk load balancing
 are used, allows remote attackers to cause a denial of service
 (application outage) via a crafted request with invalid headers,
 related to temporary blocking of connectors that have encountered
 errors, as demonstrated by an error involving a malformed HTTP Host
 header (CVE-2009-0033).
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
 6.0.0 through 6.0.18, when FORM authentication is used, allows
 remote attackers to enumerate valid usernames via requests to
 /j_security_check with malformed URL encoding of passwords, related to
 improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
 and (3) JDBCRealm authentication realms, as demonstrated by a %
 (percent) value for the j_password parameter (CVE-2009-0580).
 
 The calendar application in the examples web application contains an
 XSS flaw due to invalid HTML which renders the XSS filtering protection
 ineffective (CVE-2009-0781).
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
 through 6.0.18 permits web applications to replace an XML parser used
 for other web applications, which allows local users to read or modify
 the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
 applications via a crafted application that is loaded earlier than
 the target application (CVE-2009-0783).
 
 The updated packages have been patched to prevent these issues. Additionally,
 Apache Tomcat has been upgraded to the latest 5.5.27 version for
 2009.0.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
 http://tomcat.apache.org/security-5.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 428b187497b4978051c7a6c4eac7e7cd  2009.0/i586/tomcat5-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 892d104aaf4eba625b8aece097a761f8  2009.0/i586/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 a9c262792eb51f72602206ed582e201e  2009.0/i586/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 312008330d70b0a738dbdb447b1a7eb5  2009.0/i586/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 7faf9b111c77426d292251717ee6c921  2009.0/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 632784effce6d3c1488db67bf715bf5a  2009.0/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 b626e7ad47d127c84a5ab4e4e195cb23  2009.0/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 50dff9ec31232df9ed3a9a4ced2b308d  2009.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 9e52510bc62f27eb83c4a8518612c245  2009.0/i586/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 db73d8ff41b418c723a6ed0ef98873b3  2009.0/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 c8c8eb4f4f2d3a790c3f24f792741da4  2009.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 7e923ae7ac28655f2fbb2a5bf21f14cb  2009.0/i586/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm 
 70b0daf5445d25ba28ca5c9faf35ab30  2009.0/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 adaf8aa38a56032c2af2b9e9a4d32f74  2009.0/x86_64/tomcat5-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 10ccca04d63fe432f1dfde1d68d37096  2009.0/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 4684a73eab871cdbb5944af43356292f  2009.0/x86_64/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 9a6a9b1f7814493f643ddd66558af448  2009.0/x86_64/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 7fca471aac6926e59cd51f5a259a4aff  2009.0/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 44081f3dd19e85300dfa01119ed42c3d  2009.0/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 aa92d9b64e7a499409cae4c426dbfa2a  2009.0/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 6dbf127680b58c3dbb318fcca1297e8e  2009.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 ac9fcec772e9cb2056b42f409be36bf9  2009.0/x86_64/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 56e0cfa45b4f7f01ba0b672df187ecb4  2009.0/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 4fbf140ef8760b63f8ae2a39fc665d96  2009.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 55b4425c6778e3633e4f4b054babaa37  2009.0/x86_64/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm 
 70b0daf5445d25ba28ca5c9faf35ab30  2009.0/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 96440fed883e326b13985fe48321021d  2009.1/i586/tomcat5-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 d276901515b98ff3accfd120264d3a46  2009.1/i586/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 cb8b99f44074805b1a61225aed1235f4  2009.1/i586/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 3a7b3bca71fa7ef6fb784d7051c6736a  2009.1/i586/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 f2c0ccd5bc3251ce3b4bab0c44e39ef9  2009.1/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 425fefca7c5277e645d5b7965b256fa6  2009.1/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 c0b635c6f12ed81b50ef8f302b1602f6  2009.1/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 616d65f3f9ced4f522f571f1ad6763b3  2009.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 f9a9d71056a52ebd033cf060fa6c4779  2009.1/i586/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 ad6fb637810872f1e0d7610e65f2b419  2009.1/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 546af1e050b27e018b80a1e51f1e0dd0  2009.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 73ebe6e6d30f04f18f2a6d2343e29d0c  2009.1/i586/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm 
 2f973dcb1297bc0eb1fb4b60605431e7  2009.1/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 c933a3c0fe41915a27bce5b390ee0f1d  2009.1/x86_64/tomcat5-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 ff17d1526a1cc79c00bad9fb851eac83  2009.1/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 eb747524bb223902319e3394493bc4e9  2009.1/x86_64/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 8daa93141056351326e4ddc36f78f478  2009.1/x86_64/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 bfd83b39fd977b34ad0b7bd76c7e9bf9  2009.1/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 cb6b940efcfdb997cd4a9c99fc59b95f  2009.1/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 15eb4406c3c5b869040bcf3a9c9e9dc8  2009.1/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 4366ec41c3ad6a4c4fa8208b6df8df7a  2009.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 715ca3b9309e33f8b682fc36e4e3c2be  2009.1/x86_64/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 a43b1b547a28f3204af8f348f3c16427  2009.1/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 555f6333bb95694eae748f4f454a55ee  2009.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
 0843f1dcaf4b5615db0cfe60eb75c93c  2009.1/x86_64/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm 
 2f973dcb1297bc0eb1fb4b60605431e7  2009.1/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.
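urpmi performs the checksum and signature checks itself, but packages fetched by hand from a mirror can be checked against the list above with a short script. The following is an added example, not a Mandriva tool: it parses lines of the form "<md5>  <relative path>" out of the advisory text, skips section headers, and reports each listed package as ok, mismatch or missing relative to a local mirror directory. The two advisory lines embedded in it are copied from the package list above; the temporary mirror it builds for demonstration holds constructed files, not real packages, and the function names are this example's own.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Package lines in the advisory look like "<32 hex chars>  <path>.rpm";
# section headers such as "Mandriva Linux 2009.0:" must be skipped.
PACKAGE_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

# Two lines copied from the advisory's package list, used only to show parsing.
ADVISORY_EXCERPT = """\
 Mandriva Linux 2009.0:
 428b187497b4978051c7a6c4eac7e7cd  2009.0/i586/tomcat5-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
 70b0daf5445d25ba28ca5c9faf35ab30  2009.0/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.0.src.rpm
"""


def parse_package_list(advisory_text: str) -> dict:
    """Return {relative path: expected md5 hex} for every package line."""
    expected = {}
    for line in advisory_text.splitlines():
        match = PACKAGE_LINE.match(line)
        if match:
            expected[match.group(2)] = match.group(1)
    return expected


def md5_of_file(path: Path) -> str:
    """Stream the file through MD5 so large packages need not fit in memory."""
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_packages(advisory_text: str, mirror_root) -> dict:
    """Return {relative path: "ok" | "mismatch" | "missing"} for the listed
    packages, resolved beneath mirror_root."""
    root = Path(mirror_root)
    results = {}
    for rel_path, want in parse_package_list(advisory_text).items():
        candidate = root / rel_path
        if not candidate.is_file():
            results[rel_path] = "missing"
        elif md5_of_file(candidate) != want:
            results[rel_path] = "mismatch"
        else:
            results[rel_path] = "ok"
    return results


def build_constructed_mirror() -> tuple:
    """Constructed demonstration data (not real Mandriva packages): a temporary
    mirror with one intact file, one altered file and one listed package that
    was never downloaded. Returns (advisory_text, mirror_root)."""
    root = Path(tempfile.mkdtemp(prefix="mdv-mirror-"))
    pkgdir = root / "2009.0" / "i586"
    pkgdir.mkdir(parents=True)
    intact = b"constructed payload: intact package"
    original = b"constructed payload: original package"
    absent = b"constructed payload: never downloaded"
    (pkgdir / "intact.rpm").write_bytes(intact)
    (pkgdir / "altered.rpm").write_bytes(original + b" plus an appended byte")
    text = " Mandriva Linux 2009.0:\n"
    for payload, name in ((intact, "intact.rpm"), (original, "altered.rpm"),
                          (absent, "absent.rpm")):
        text += f" {hashlib.md5(payload).hexdigest()}  2009.0/i586/{name}\n"
    return text, str(root)


if __name__ == "__main__":
    for rel_path, digest in parse_package_list(ADVISORY_EXCERPT).items():
        print(digest, rel_path)
    text, root = build_constructed_mirror()
    for rel_path, status in verify_packages(text, root).items():
        print(f"{status:9} {rel_path}")
```

A checksum that matches the advisory only shows that the file you downloaded is the file the advisory describes; MD5 is no longer collision resistant, so the authenticity check is the GPG signature on the package itself (the advisory's `gpg --recv-keys` step fetches the signing key, and `rpm --checksig` verifies the signature on a downloaded rpm).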

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKQAfhmqjQ0CJFipgRAvTWAJ446uOYsHLI3v3Ox5vokMTwloJkGQCfYytw
1RTR84DBZcvJ/gx+TWxwdXU=
=3KZb
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
