lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MVs2m-0000fo-7l@titan.mandriva.com>
Date: Tue, 28 Jul 2009 21:09:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:163 ] tomcat5


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:163
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tomcat5
 Date    : July 28, 2009
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple security vulnerabilities has been identified and fixed
 in tomcat5:
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
 6.0.18, and possibly earlier versions normalizes the target pathname
 before filtering the query string when using the RequestDispatcher
 method, which allows remote attackers to bypass intended access
 restrictions and conduct directory traversal attacks via .. (dot dot)
 sequences and the WEB-INF directory in a Request (CVE-2008-5515).
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
 through 6.0.18, when the Java AJP connector and mod_jk load balancing
 are used, allows remote attackers to cause a denial of service
 (application outage) via a crafted request with invalid headers,
 related to temporary blocking of connectors that have encountered
 errors, as demonstrated by an error involving a malformed HTTP Host
 header (CVE-2009-0033).
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
 6.0.0 through 6.0.18, when FORM authentication is used, allows
 remote attackers to enumerate valid usernames via requests to
 /j_security_check with malformed URL encoding of passwords, related to
 improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
 and (3) JDBCRealm authentication realms, as demonstrated by a %
 (percent) value for the j_password parameter (CVE-2009-0580).
 
 The calendar application in the examples web application contains an
 XSS flaw due to invalid HTML which renders the XSS filtering protection
 ineffective (CVE-2009-0781).
 
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
 through 6.0.18 permits web applications to replace an XML parser used
 for other web applications, which allows local users to read or modify
 the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
 applications via a crafted application that is loaded earlier than
 the target application (CVE-2009-0783).
 
 The updated packages have been patched to prevent this. Additionally
 Apache Tomcat has been upgraded to the latest 5.5.27 version for MES5.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
 http://tomcat.apache.org/security-5.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 eeaa9d6a2b616db100f1e206bb06b2d6  mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 a641e0f379b1c37a1475b8528a6d8ecf  mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 743727d3628613d6968850ffd1ae092d  mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 c9e66f0251d48d08f1df2dbca1973aad  mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 0fcaf3a02861505fd8afec7c94344b34  mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 6b013f381aad7eec77f82021fa897bb1  mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 56a14766bd5d56beaf05914442329b8e  mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 6244961329d56d9854c27fb643180af7  mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 389011360b165d51ed7bb760aed77fef  mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 644fdfef4854b94a6a645b4a5df19430  mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 69601123fe318d20c8e050fb294563a4  mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 19cbeea920983a8ba6a9f739c13f1162  mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 
 30f1fc3e67154e56ba2fe78c7f17cf02  mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c25b7d09498779d75041bc7f613130a0  mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 d7674924e3c8b7c84e5024869c1b69a3  mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 84d805f41359b28390638787cfc06d12  mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 8d7ed6ceffa3cc3f03a8a7abd05c470b  mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 4f1b9387b5c5e77fcac86104815ae33a  mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 23350f016f88897bd966721c156c7c73  mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 0e187a53ffadf553705425de115e48e6  mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 50b42a84acf2b2d989655c2f7dd5ae1f  mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 16ca5f053c9221b48aea5e73ce7b6a06  mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 cf3d9d6d4cc876aef1fcbbf1b7d53950  mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 32f514581f311783fc5a673231558567  mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm
 d21b39762b5a108dacdaf58a91ce5dac  mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 
 30f1fc3e67154e56ba2fe78c7f17cf02  mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM
8kHZGORcpqDWK1qWCdiY9A==
=XhQl
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ