SciLinux: CVE-2009-2693 Important: tomcat5 SL5.x i386/x86_64
Summary
in HTTP requests. A specially-crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment process. A specially-crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)

Tomcat must be restarted for this update to take effect.

SL 5.x

SRPMS:
tomcat5-5.5.23-0jpp.9.el5_5.src.rpm

i386:
tomcat5-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm

-Connie Sieh
-Troy Dawson
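
A pre-deployment check related to the WAR directory traversal flaws above (CVE-2009-2693, CVE-2009-2902): it lists archive entries whose names would resolve outside the directory the WAR is unpacked into. This is an added example, not part of the advisory or of Tomcat; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_war_entries(war_bytes):
    """Return the entry names in a WAR that escape the extraction root."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            # Some archivers write backslashes; treat them as separators.
            norm = posixpath.normpath(name.replace("\\", "/"))
            absolute = norm.startswith("/")
            climbs_out = norm == ".." or norm.startswith("../")
            drive_letter = len(norm) > 1 and norm[1] == ":"
            if absolute or climbs_out or drive_letter:
                flagged.append(name)
    return flagged


def build_sample_war(names):
    """Build an in-memory archive with the given entry names (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for entry in names:
            war.writestr(entry, b"constructed sample content")
    return buf.getvalue()


# Constructed sample: three ordinary entries and three that leave the root.
SAMPLE_ENTRIES = [
    "WEB-INF/web.xml",
    "index.jsp",
    "../../outside.txt",
    "WEB-INF/../../escape.jsp",
    "/tmp/abs.txt",
    "WEB-INF/lib/../classes/ok.class",   # ".." that stays inside the root
]

if __name__ == "__main__":
    for entry in unsafe_war_entries(build_sample_war(SAMPLE_ENTRIES)):
        print("refuse to deploy, entry escapes web root:", entry)
```

Run it against a WAR before handing the file to the deployer; an empty result means no entry name leaves the extraction directory.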