[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MIuxV-0005Pf-0P@titan.mandriva.com>
Date: Tue, 23 Jun 2009 03:38:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:138 ] tomcat5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:138
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tomcat5
Date : June 22, 2009
Affected: 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in tomcat5:
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
6.0.18, and possibly earlier versions normalizes the target pathname
before filtering the query string when using the RequestDispatcher
method, which allows remote attackers to bypass intended access
restrictions and conduct directory traversal attacks via .. (dot dot)
sequences and the WEB-INF directory in a Request (CVE-2008-5515).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18, when the Java AJP connector and mod_jk load balancing
are used, allows remote attackers to cause a denial of service
(application outage) via a crafted request with invalid headers,
related to temporary blocking of connectors that have encountered
errors, as demonstrated by an error involving a malformed HTTP Host
header (CVE-2009-0033).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
6.0.0 through 6.0.18, when FORM authentication is used, allows
remote attackers to enumerate valid usernames via requests to
/j_security_check with malformed URL encoding of passwords, related to
improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
and (3) JDBCRealm authentication realms, as demonstrated by a %
(percent) value for the j_password parameter (CVE-2009-0580).
The calendar application in the examples web application contains an
XSS flaw due to invalid HTML which renders the XSS filtering protection
ineffective (CVE-2009-0781).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18 permits web applications to replace an XML parser used
for other web applications, which allows local users to read or modify
the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
applications via a crafted application that is loaded earlier than
the target application (CVE-2009-0783).
The updated packages have been patched to prevent this. Additionally
Apache Tomcat has been upgraded to the latest 5.5.27 version for
2009.0.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
http://tomcat.apache.org/security-5.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
428b187497b4978051c7a6c4eac7e7cd 2009.0/i586/tomcat5-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
892d104aaf4eba625b8aece097a761f8 2009.0/i586/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
a9c262792eb51f72602206ed582e201e 2009.0/i586/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
312008330d70b0a738dbdb447b1a7eb5 2009.0/i586/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
7faf9b111c77426d292251717ee6c921 2009.0/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
632784effce6d3c1488db67bf715bf5a 2009.0/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
b626e7ad47d127c84a5ab4e4e195cb23 2009.0/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
50dff9ec31232df9ed3a9a4ced2b308d 2009.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
9e52510bc62f27eb83c4a8518612c245 2009.0/i586/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
db73d8ff41b418c723a6ed0ef98873b3 2009.0/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
c8c8eb4f4f2d3a790c3f24f792741da4 2009.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
7e923ae7ac28655f2fbb2a5bf21f14cb 2009.0/i586/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
70b0daf5445d25ba28ca5c9faf35ab30 2009.0/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
adaf8aa38a56032c2af2b9e9a4d32f74 2009.0/x86_64/tomcat5-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
10ccca04d63fe432f1dfde1d68d37096 2009.0/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
4684a73eab871cdbb5944af43356292f 2009.0/x86_64/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
9a6a9b1f7814493f643ddd66558af448 2009.0/x86_64/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
7fca471aac6926e59cd51f5a259a4aff 2009.0/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
44081f3dd19e85300dfa01119ed42c3d 2009.0/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
aa92d9b64e7a499409cae4c426dbfa2a 2009.0/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
6dbf127680b58c3dbb318fcca1297e8e 2009.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
ac9fcec772e9cb2056b42f409be36bf9 2009.0/x86_64/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
56e0cfa45b4f7f01ba0b672df187ecb4 2009.0/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
4fbf140ef8760b63f8ae2a39fc665d96 2009.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
55b4425c6778e3633e4f4b054babaa37 2009.0/x86_64/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.0.noarch.rpm
70b0daf5445d25ba28ca5c9faf35ab30 2009.0/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
96440fed883e326b13985fe48321021d 2009.1/i586/tomcat5-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
d276901515b98ff3accfd120264d3a46 2009.1/i586/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
cb8b99f44074805b1a61225aed1235f4 2009.1/i586/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
3a7b3bca71fa7ef6fb784d7051c6736a 2009.1/i586/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
f2c0ccd5bc3251ce3b4bab0c44e39ef9 2009.1/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
425fefca7c5277e645d5b7965b256fa6 2009.1/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
c0b635c6f12ed81b50ef8f302b1602f6 2009.1/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
616d65f3f9ced4f522f571f1ad6763b3 2009.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
f9a9d71056a52ebd033cf060fa6c4779 2009.1/i586/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
ad6fb637810872f1e0d7610e65f2b419 2009.1/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
546af1e050b27e018b80a1e51f1e0dd0 2009.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
73ebe6e6d30f04f18f2a6d2343e29d0c 2009.1/i586/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
2f973dcb1297bc0eb1fb4b60605431e7 2009.1/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
c933a3c0fe41915a27bce5b390ee0f1d 2009.1/x86_64/tomcat5-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
ff17d1526a1cc79c00bad9fb851eac83 2009.1/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
eb747524bb223902319e3394493bc4e9 2009.1/x86_64/tomcat5-common-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
8daa93141056351326e4ddc36f78f478 2009.1/x86_64/tomcat5-jasper-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
bfd83b39fd977b34ad0b7bd76c7e9bf9 2009.1/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
cb6b940efcfdb997cd4a9c99fc59b95f 2009.1/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
15eb4406c3c5b869040bcf3a9c9e9dc8 2009.1/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
4366ec41c3ad6a4c4fa8208b6df8df7a 2009.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
715ca3b9309e33f8b682fc36e4e3c2be 2009.1/x86_64/tomcat5-server-lib-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
a43b1b547a28f3204af8f348f3c16427 2009.1/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
555f6333bb95694eae748f4f454a55ee 2009.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
0843f1dcaf4b5615db0cfe60eb75c93c 2009.1/x86_64/tomcat5-webapps-5.5.27-0.3.0.1mdv2009.1.noarch.rpm
2f973dcb1297bc0eb1fb4b60605431e7 2009.1/SRPMS/tomcat5-5.5.27-0.3.0.1mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKQAfhmqjQ0CJFipgRAvTWAJ446uOYsHLI3v3Ox5vokMTwloJkGQCfYytw
1RTR84DBZcvJ/gx+TWxwdXU=
=3KZb
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists