Ubuntu
tomcat5 package

[tomcat5] multiple vulnerabilities

Bug #175505 reported by disabled.user
262
Affects Status Importance Assigned to Milestone
tomcat5 (Ubuntu)
Invalid
Undecided
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Edgy
Won't Fix
Undecided
Unassigned
Feisty
Won't Fix
Undecided
Unassigned
Gutsy
Invalid
Undecided
Unassigned
Hardy
Invalid
Undecided
Unassigned
tomcat5.5 (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Invalid
Undecided
Unassigned
Edgy
Won't Fix
Undecided
Unassigned
Feisty
Won't Fix
Undecided
Unassigned
Gutsy
Won't Fix
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: tomcat5

References:
MDKSA-2007:241 (http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:241)

Quoting:
"A number of vulnerabilities were found in Tomcat:

A directory traversal vulnerability, when using certain proxy modules,
allows a remote attacker to read arbitrary files via a .. (dot dot)
sequence with various slash, backslash, or url-encoded backslash
characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files
allow remote attackers to inject arbitrary web script or HTML
(CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host
Manager web applications allow remote authenticated users to inject
arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could
cause sensitive information such as session IDs to be leaked and allow
remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the " character sequence in a cookie
value, which could cause sensitive information such as session IDs
to be leaked and allow remote attackers to conduct session hijacking
attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet
allowed remote attackers to inject arbitrary HTML and web script via
crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain
configurations, allows remote authenticated users to read arbitrary
files via a WebDAV write request that specifies an entity with a
SYSTEM tag (CVE-2007-5461)."

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

See also DSA-1447-1 (http://www.debian.org/security/2007/dsa-1447).

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Sorry, there has been some unexpected change of years in recent time...

DSA-1447-1 (http://www.debian.org/security/2008/dsa-1447)

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Another DSA:
DSA-1468-1 (http://www.debian.org/security/2008/dsa-1468)

Revision history for this message
William Grant (wgrant) wrote :

All of these are fixed in Hardy.

Changed in tomcat5.5:
status: New → Invalid
status: New → Invalid
Changed in tomcat5:
status: New → Invalid
status: New → Fix Released
William Grant (wgrant)
Changed in tomcat5:
status: Invalid → New
status: New → Invalid
status: Fix Released → Invalid
Changed in tomcat5.5:
status: New → Invalid
status: Invalid → New
status: Invalid → Fix Released
Revision history for this message
Matti Lindell (mlind) wrote :

Hardy is affected by CVE-2007-5333 and CVE-2007-6286 which are fixed in upstream and Debian.

Changed in tomcat5.5:
status: Fix Released → New
William Grant (wgrant)
Changed in tomcat5.5:
status: New → Fix Released
Revision history for this message
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in tomcat5:
status: New → Won't Fix
Changed in tomcat5.5:
status: New → Won't Fix
Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in tomcat5:
status: New → Won't Fix
Changed in tomcat5.5:
status: New → Won't Fix
Revision history for this message
abrahamlu (abraham-lu) wrote :

Is/will this be fixed for tomcat5 in dapper?

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityUpdateProcedures

Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in tomcat5.5 (Ubuntu Gutsy):
status: New → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in tomcat5 (Ubuntu Dapper):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.