---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: tomcat security update
Advisory ID:       RHSA-2007:0327-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0327.html
Issue date:        2007-05-14
Updated on:        2007-05-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2090 CVE-2006-7195 CVE-2007-0450 
---------------------------------------------------------------------

1. Summary:

Updated tomcat packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.

Tomcat was found to accept multiple content-length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting attacks. 
(CVE-2005-2090)
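
The check a strict front end or filter applies to this class of request, as an added example (not part of the advisory and not Tomcat's code): a request is refused when its Content-Length framing is ambiguous, because a proxy and the container may otherwise each honour a different header and disagree on where the body ends. The function names, the host `www.example.test` and the sample requests are constructed for illustration.

```python
"""Added example: refuse requests whose Content-Length framing is ambiguous."""
import re


def parse_headers(raw: bytes):
    """Split a raw HTTP/1.x request head into a list of (name, value) pairs."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    pairs = []
    for line in head.split(b"\r\n")[1:]:          # element 0 is the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        # Header names are case-insensitive; normalise before comparing.
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_content_length(raw: bytes):
    """Return (accepted, reason) for the Content-Length framing of one request."""
    try:
        headers = parse_headers(raw)
    except ValueError as exc:
        return False, str(exc)
    values = [v for n, v in headers if n == b"content-length"]
    if not values:
        return True, "no Content-Length header"
    if len(values) > 1:
        # Conservative policy: refuse every repeat, even with equal values.
        kind = "conflicting" if len(set(values)) > 1 else "repeated"
        return False, "%s Content-Length headers (%d)" % (kind, len(values))
    if not re.fullmatch(rb"[0-9]+", values[0]):
        # Also catches a comma-joined list such as "5, 5".
        return False, "Content-Length is not a single non-negative integer"
    return True, "single Content-Length: %d" % int(values[0])


def _req(*header_lines):
    """Build a constructed request head plus a 5-byte body for the demo."""
    head = [b"POST /app/submit HTTP/1.1", b"Host: www.example.test", *header_lines]
    return b"\r\n".join(head) + b"\r\n\r\n" + b"hello"


# Constructed sample requests, not captured traffic.
SAMPLES = {
    "single": _req(b"Content-Length: 5"),
    "conflicting": _req(b"Content-Length: 5", b"Content-Length: 0"),
    "repeated": _req(b"Content-Length: 5", b"content-length: 5"),
    "list": _req(b"Content-Length: 5, 5"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        accepted, reason = check_content_length(request)
        print("%-12s %-7s %s" % (label, "accept" if accepted else "reject", reason))
```
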

Tomcat permitted various characters as path delimiters. If Tomcat was used
behind certain proxies and configured to only proxy some contexts, an
attacker could construct an HTTP request to work around the context
restriction and potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples webapp displayed a
number of unfiltered header values. If the JSP examples were accessible,
this flaw could allow a remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)

Users should upgrade to these erratum packages which contain an update to
Tomcat that resolves these issues.  Updated jakarta-commons-modeler
packages are also included which correct a bug when used with Tomcat 5.5.23.

4. Solution:

Note: /etc/tomcat5/web.xml has been updated to disable directory listing by
default.  If you have previously modified /etc/tomcat5/web.xml, this change
will not be made automatically and you should manually update the value for
the "listings" parameter to "false".  

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

237089 - CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
https://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
