lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 13 Sep 2010 08:49:14 +0530
From: "Raj Mathur (राज माथुर)" <raju@...ux-delhi.org>
To: full-disclosure@...ts.grok.org.uk
Cc: security@...driva.com
Subject: Re: [ MDVSA-2010:176 ] tomcat5

On Sunday 12 Sep 2010, security@...driva.com wrote:
>  Package : tomcat5
>
>  Multiple vulnerabilities has been found and corrected in tomcat5:
> 
>  Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0
>  through 4.1.36 does not properly handle (1) double quote (")
> characters or (2) \%5C (encoded backslash) sequences in a cookie
> value, which might cause sensitive information such as session IDs
> to be leaked to remote attackers and enable session hijacking
> attacks.  NOTE: this issue exists because of an incomplete fix for
> CVE-2007-3385 (CVE-2007-5333).
> 
>  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0
> through 6.0.18, and possibly earlier versions normalizes the target
> pathname before filtering the query string when using the
> RequestDispatcher method, which allows remote attackers to bypass
> intended access restrictions and conduct directory traversal attacks
> via .. (dot dot) sequences and the WEB-INF directory in a Request
> (CVE-2008-5515).

Please correct the package name in the vulnerability report.

Regards,

-- Raj
-- 
Raj Mathur                raju@...dalaya.org      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
PsyTrance & Chill: http://schizoid.in/   ||   It is the mind that moves

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ