Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Red Hat: RHSA-2007:0876-01 Moderate: Tomcat Cross-Site Scripting Risk

red hat
Calendar Grey October 11, 2007
Dist Redhat Esm H88
Routine security patch for Red Hat App Server addressing XSS vulnerabilities in tomcat modules. Keep your systems safe!
Updated tomcat packages that fix multiple security issues are now available for Red Hat Application Server v2

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

244803 - CVE-2007-1358 tomcat accept-language xss flaw 244804 - CVE-2007-2449 tomcat examples jsp XSS 244808 - CVE-2007-2450 tomcat host manager XSS 247972 - CVE-2007-3382 tomcat handling of cookies 247976 - CVE-2007-3385 tomcat handling of cookie values 247994 - CVE-2007-3386 tomcat host manager xss

6. RPMs required:

Red Hat Application Server v2 4AS:

SRPMS: c8a9674009457794d5969b0a4db09888 tomcat5-5.5.23-0jpp_4rh.4.src.rpm

noarch: 92c991a50808cc48ff7538e3320cd146 tomcat5-5.5.23-0jpp_4rh.4.noarch.rpm 364a741ad7d232a9fe1cf3e183001520 tomcat5-admin-webapps-5.5.23-0jpp_4rh.4.noarch.rpm c7afc607c579c4db42bcc094df7b5498 tomcat5-common-lib-5.5.23-0jpp_4rh.4.noarch.rpm 044ec1d57f92903b32c4dd3f97211ea4 tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm 2790253849bae9be0960517cfd781c4c tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 0d64bdd04f35659f0b425843bf4cfda2 tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.4.noarch.rpm 7b8448505ae5e74010fa8fb37084dd6e tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 3397d6f2b3ed49fcaa5616fb3363c0ce tomcat5-server-lib-5.5.23-0jpp_4rh.4.noarch.rpm 8f28858bc131b40e9effdac8f0d445ad tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.4.noarch.rpm 0ea67bc6674bbc1e6fc50809a6594d9b tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 6ca13028e1547f3630aefcfd73a84424 tomcat5-webapps-5.5.23-0jpp_4rh.4.noarch.rpm

Red Hat Application Server v2 4ES:

SRPMS: c8a9674009457794d5969b0a4db09888 tomcat5-5.5.23-0jpp_4rh.4.src.rpm

noarch: 92c991a50808cc48ff7538e3320cd146 tomcat5-5.5.23-0jpp_4rh.4.noarch.rpm 364a741ad7d232a9fe1cf3e183001520 tomcat5-admin-webapps-5.5.23-0jpp_4rh.4.noarch.rpm c7afc607c579c4db42bcc094df7b5498 tomcat5-common-lib-5.5.23-0jpp_4rh.4.noarch.rpm 044ec1d57f92903b32c4dd3f97211ea4 tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm 2790253849bae9be0960517cfd781c4c tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 0d64bdd04f35659f0b425843bf4cfda2 tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.4.noarch.rpm 7b8448505ae5e74010fa8fb37084dd6e tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 3397d6f2b3ed49fcaa5616fb3363c0ce tomcat5-server-lib-5.5.23-0jpp_4rh.4.noarch.rpm 8f28858bc131b40e9effdac8f0d445ad tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.4.noarch.rpm 0ea67bc6674bbc1e6fc50809a6594d9b tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 6ca13028e1547f3630aefcfd73a84424 tomcat5-webapps-5.5.23-0jpp_4rh.4.noarch.rpm

Red Hat Application Server v2 4WS:

SRPMS: c8a9674009457794d5969b0a4db09888 tomcat5-5.5.23-0jpp_4rh.4.src.rpm

noarch: 92c991a50808cc48ff7538e3320cd146 tomcat5-5.5.23-0jpp_4rh.4.noarch.rpm 364a741ad7d232a9fe1cf3e183001520 tomcat5-admin-webapps-5.5.23-0jpp_4rh.4.noarch.rpm c7afc607c579c4db42bcc094df7b5498 tomcat5-common-lib-5.5.23-0jpp_4rh.4.noarch.rpm 044ec1d57f92903b32c4dd3f97211ea4 tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm 2790253849bae9be0960517cfd781c4c tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 0d64bdd04f35659f0b425843bf4cfda2 tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.4.noarch.rpm 7b8448505ae5e74010fa8fb37084dd6e tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 3397d6f2b3ed49fcaa5616fb3363c0ce tomcat5-server-lib-5.5.23-0jpp_4rh.4.noarch.rpm 8f28858bc131b40e9effdac8f0d445ad tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.4.noarch.rpm 0ea67bc6674bbc1e6fc50809a6594d9b tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 6ca13028e1547f3630aefcfd73a84424 tomcat5-webapps-5.5.23-0jpp_4rh.4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2007-1358 https://www.cve.org/CVERecord?id=CVE-2007-2449 https://www.cve.org/CVERecord?id=CVE-2007-2450 https://www.cve.org/CVERecord?id=CVE-2007-3382 https://www.cve.org/CVERecord?id=CVE-2007-3385 https://www.cve.org/CVERecord?id=CVE-2007-3386 https://tomcat.apache.org/security-5.html https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2007:0876-01
Issue date: 2007-10-11
Updated on: 2007-10-11
Product: Red Hat Application Server

Topic

Relevant Releases Architectures

Red Hat Application Server v2 4AS - noarch

Red Hat Application Server v2 4ES - noarch

Red Hat Application Server v2 4WS - noarch

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here