Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0726 -- [RedHat] Moderate: tomcat security update 27 September 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tomcat Publisher: Red Hat Operating System: Red Hat Enterprise Linux Impact: Cross-site Scripting Inappropriate Access Access: Remote/Unauthenticated CVE Names: CVE-2007-3386 CVE-2007-3385 CVE-2007-3382 Ref: ESB-2007.0629 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0871.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: tomcat security update Advisory ID: RHSA-2007:0871-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0871.html Issue date: 2007-09-26 Updated on: 2007-09-26 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 - - --------------------------------------------------------------------- 1. Summary: Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386). Users of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 247972 - CVE-2007-3382 tomcat handling of cookies 247976 - CVE-2007-3385 tomcat handling of cookie values 247994 - CVE-2007-3386 tomcat host manager xss 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm 4cd5017f99a44689fd97bfaddb4d1e49 tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm i386: c0dc6d1800b59c9bfc34a23b8d646af6 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.i386.rpm 226f3d1465041197fc02615be82163fb tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm deb113e7d216237760505d9780b73a76 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm x86_64: 23d7a2a5d67055d37f27bef5503fee7b tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.x86_64.rpm fe8527d96dc984611e17982a0dfce68b tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm c831207357291c3dd091964e9aa49ebc tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm 4cd5017f99a44689fd97bfaddb4d1e49 tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm i386: 7d71ed89d94341f41b171293ad013d6b tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm f0cfcd9ec14bf30223576796c3d86254 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm c8ab874847b19faec830f6d002ef5700 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm c0dc6d1800b59c9bfc34a23b8d646af6 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.i386.rpm b128c5e933557b9e90aa7cb71ad86f72 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm 7166ea7ab11411ba0d0adf715657ac89 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm 34159a09da8641ba7d7a61335b9a3685 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm ec84df22f55b68f172123dfb39680230 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm 4d9285f3236fb71cc4f1595cdaceb2c0 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm 14685a050088e338be428d4b315bed15 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm x86_64: 9a0875239aee9d021c8d4a56b42bb2a6 tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 11619162c8e0adc036756a7ac03ce559 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm d95026b2750fff774772c44a57f74792 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 23d7a2a5d67055d37f27bef5503fee7b tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 9d3ddc4acf0c2ab389488f735aadf345 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 3f2f6100623f9acb18d990fc52d9aa82 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 1b51651253a8fe556bba1ddc565147f0 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 86702ce51dbe4da513827d49758858d9 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 1be1106c350b4f834c5959e144cbfdb5 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 9ce3022090cc5cc036bec3f2edf75f49 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm 4cd5017f99a44689fd97bfaddb4d1e49 tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm i386: 7d71ed89d94341f41b171293ad013d6b tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm f0cfcd9ec14bf30223576796c3d86254 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm c8ab874847b19faec830f6d002ef5700 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm c0dc6d1800b59c9bfc34a23b8d646af6 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.i386.rpm b128c5e933557b9e90aa7cb71ad86f72 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm 7166ea7ab11411ba0d0adf715657ac89 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm 226f3d1465041197fc02615be82163fb tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm 34159a09da8641ba7d7a61335b9a3685 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm ec84df22f55b68f172123dfb39680230 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm deb113e7d216237760505d9780b73a76 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm 4d9285f3236fb71cc4f1595cdaceb2c0 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm 14685a050088e338be428d4b315bed15 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm ia64: d1243dc5b592ce4c5058abba7d315345 tomcat5-5.5.23-0jpp.3.0.2.el5.ia64.rpm a2cf1700b014cec10c29031a0bb543cf tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ia64.rpm f7c35060c547b32906d0152513198f52 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.ia64.rpm 924aa06a7a426e77c9376cecf05833d1 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.ia64.rpm d3ebf74a70ed5e96600beca2cbc619d9 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.ia64.rpm 678a8878ac383ec4b1d30f1e19623520 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm c15745c6040cf2c3f3f7ba9de185654d tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm d9597bc0b803984b99ffefbdb631a9d0 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm 95526b81e80b1ed513e399279901bfc5 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.ia64.rpm e237eff013f4913f67709b0b27e90d6b tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm 9543decf3e658d3bbcdf22a9ed151f87 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm 5d19ef46e5fc9b59f382c63160dd3c59 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ia64.rpm ppc: d2113dd83880307a85683247a02eb3a0 tomcat5-5.5.23-0jpp.3.0.2.el5.ppc.rpm 1befc45ebca6fcebdde8ea58255592db tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm 661cb595807b4be529c5fee444f53f73 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.ppc.rpm 6fdf9f17f925f504dfa76ac6a53a2b89 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.ppc.rpm af2381512f812c196346fcfcedccc599 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.ppc.rpm 0a5499eea93ae7230728764d6f5433c9 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm 39d4dbd2ffcdafe5595c8fcba0d36c82 tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ppc.rpm 916fb1dedfc9f27e67c722d872e019d8 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm f0a5fe0ea04ff15df8e1488e2e337606 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.ppc.rpm 6ebdac439d0d3f640ee6bae5eb7d0db0 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.ppc.rpm de8148bb55edd17fd09dda369b2b5621 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm d4c08ad82261464da948463712f7362d tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm s390x: c594c99a882748d4c8a6a26542fb5214 tomcat5-5.5.23-0jpp.3.0.2.el5.s390x.rpm 3fc2ddbb8cfd1b570b85ec2bcbbd1684 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.s390x.rpm 5c0178460eaade94169af229a57c6764 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.s390x.rpm bc8c2924826f432f1b39df050a775429 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.s390x.rpm 85590df0cf18b16e41309da3382bb5ff tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.s390x.rpm 74a06cfefa4d31dc17d5d9f4fa71f345 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm 2cbeb5dfc8464099c090434b8c5a8e0b tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.s390x.rpm fa035a0f0cd0b80a1e866c0e7c35899f tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm 8cb6883fa810bc4ad606724209f0bc15 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.s390x.rpm 474dfcf43451a02d422506d8a12876a5 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.s390x.rpm fedb0523b1a126613ca04fce2674546c tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm e9402bc61b20745f61ffed678af844f5 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.s390x.rpm x86_64: 9a0875239aee9d021c8d4a56b42bb2a6 tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 11619162c8e0adc036756a7ac03ce559 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm d95026b2750fff774772c44a57f74792 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 23d7a2a5d67055d37f27bef5503fee7b tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 9d3ddc4acf0c2ab389488f735aadf345 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 3f2f6100623f9acb18d990fc52d9aa82 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm fe8527d96dc984611e17982a0dfce68b tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 1b51651253a8fe556bba1ddc565147f0 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 86702ce51dbe4da513827d49758858d9 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm c831207357291c3dd091964e9aa49ebc tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 1be1106c350b4f834c5959e144cbfdb5 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm 9ce3022090cc5cc036bec3f2edf75f49 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 http://tomcat.apache.org/security-5.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFG+hmLXlSAg2UNWIIRAor1AKC2IOh5rvEQhEeMqlT224k06MdbFwCbBQFf kpfI6XAq4LI+Y1vN2vURuoQ= =RqY/ - -----END PGP SIGNATURE----- - -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRvrdEyh9+71yA2DNAQJABAP/Rw5GD8ZRo0Eqi/H3IrRFC77jmA3KesU4 80YiOrv/30Rt1vDeFkAyEY6Oguzj8H0pwPYusDYaaUKZJoZBLo5QZxmQrFbszdO9 KcfXnJhr3eVs4XR4/b3gWn4nIOpnTcaCg8Ij3DSKBJGbJs9JU0I67uSzZF5O7QYg NIFVsjBvb8Y= =JeJS -----END PGP SIGNATURE-----