Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0726 -- [RedHat]
Moderate: tomcat security update
27 September 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: tomcat
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux
Impact: Cross-site Scripting
Inappropriate Access
Access: Remote/Unauthenticated
CVE Names: CVE-2007-3386 CVE-2007-3385 CVE-2007-3382
Ref: ESB-2007.0629
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0871.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: tomcat security update
Advisory ID: RHSA-2007:0871-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0871.html
Issue date: 2007-09-26
Updated on: 2007-09-26
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3382 CVE-2007-3385 CVE-2007-3386
- - ---------------------------------------------------------------------
1. Summary:
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).
Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values
247994 - CVE-2007-3386 tomcat host manager xss
6. RPMs required:
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
4cd5017f99a44689fd97bfaddb4d1e49 tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
i386:
c0dc6d1800b59c9bfc34a23b8d646af6 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.i386.rpm
226f3d1465041197fc02615be82163fb tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
deb113e7d216237760505d9780b73a76 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
x86_64:
23d7a2a5d67055d37f27bef5503fee7b tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
fe8527d96dc984611e17982a0dfce68b tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
c831207357291c3dd091964e9aa49ebc tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
4cd5017f99a44689fd97bfaddb4d1e49 tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
i386:
7d71ed89d94341f41b171293ad013d6b tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm
f0cfcd9ec14bf30223576796c3d86254 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
c8ab874847b19faec830f6d002ef5700 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
c0dc6d1800b59c9bfc34a23b8d646af6 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.i386.rpm
b128c5e933557b9e90aa7cb71ad86f72 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm
7166ea7ab11411ba0d0adf715657ac89 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
34159a09da8641ba7d7a61335b9a3685 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
ec84df22f55b68f172123dfb39680230 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
4d9285f3236fb71cc4f1595cdaceb2c0 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
14685a050088e338be428d4b315bed15 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
x86_64:
9a0875239aee9d021c8d4a56b42bb2a6 tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
11619162c8e0adc036756a7ac03ce559 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
d95026b2750fff774772c44a57f74792 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
23d7a2a5d67055d37f27bef5503fee7b tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
9d3ddc4acf0c2ab389488f735aadf345 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
3f2f6100623f9acb18d990fc52d9aa82 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
1b51651253a8fe556bba1ddc565147f0 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
86702ce51dbe4da513827d49758858d9 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
1be1106c350b4f834c5959e144cbfdb5 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
9ce3022090cc5cc036bec3f2edf75f49 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
4cd5017f99a44689fd97bfaddb4d1e49 tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
i386:
7d71ed89d94341f41b171293ad013d6b tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm
f0cfcd9ec14bf30223576796c3d86254 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
c8ab874847b19faec830f6d002ef5700 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
c0dc6d1800b59c9bfc34a23b8d646af6 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.i386.rpm
b128c5e933557b9e90aa7cb71ad86f72 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm
7166ea7ab11411ba0d0adf715657ac89 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
226f3d1465041197fc02615be82163fb tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
34159a09da8641ba7d7a61335b9a3685 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
ec84df22f55b68f172123dfb39680230 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
deb113e7d216237760505d9780b73a76 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
4d9285f3236fb71cc4f1595cdaceb2c0 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
14685a050088e338be428d4b315bed15 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
ia64:
d1243dc5b592ce4c5058abba7d315345 tomcat5-5.5.23-0jpp.3.0.2.el5.ia64.rpm
a2cf1700b014cec10c29031a0bb543cf tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ia64.rpm
f7c35060c547b32906d0152513198f52 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.ia64.rpm
924aa06a7a426e77c9376cecf05833d1 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.ia64.rpm
d3ebf74a70ed5e96600beca2cbc619d9 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.ia64.rpm
678a8878ac383ec4b1d30f1e19623520 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
c15745c6040cf2c3f3f7ba9de185654d tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm
d9597bc0b803984b99ffefbdb631a9d0 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
95526b81e80b1ed513e399279901bfc5 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.ia64.rpm
e237eff013f4913f67709b0b27e90d6b tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm
9543decf3e658d3bbcdf22a9ed151f87 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
5d19ef46e5fc9b59f382c63160dd3c59 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ia64.rpm
ppc:
d2113dd83880307a85683247a02eb3a0 tomcat5-5.5.23-0jpp.3.0.2.el5.ppc.rpm
1befc45ebca6fcebdde8ea58255592db tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm
661cb595807b4be529c5fee444f53f73 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.ppc.rpm
6fdf9f17f925f504dfa76ac6a53a2b89 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.ppc.rpm
af2381512f812c196346fcfcedccc599 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.ppc.rpm
0a5499eea93ae7230728764d6f5433c9 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm
39d4dbd2ffcdafe5595c8fcba0d36c82 tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ppc.rpm
916fb1dedfc9f27e67c722d872e019d8 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm
f0a5fe0ea04ff15df8e1488e2e337606 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.ppc.rpm
6ebdac439d0d3f640ee6bae5eb7d0db0 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.ppc.rpm
de8148bb55edd17fd09dda369b2b5621 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm
d4c08ad82261464da948463712f7362d tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm
s390x:
c594c99a882748d4c8a6a26542fb5214 tomcat5-5.5.23-0jpp.3.0.2.el5.s390x.rpm
3fc2ddbb8cfd1b570b85ec2bcbbd1684 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.s390x.rpm
5c0178460eaade94169af229a57c6764 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.s390x.rpm
bc8c2924826f432f1b39df050a775429 tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.s390x.rpm
85590df0cf18b16e41309da3382bb5ff tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.s390x.rpm
74a06cfefa4d31dc17d5d9f4fa71f345 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm
2cbeb5dfc8464099c090434b8c5a8e0b tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.s390x.rpm
fa035a0f0cd0b80a1e866c0e7c35899f tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm
8cb6883fa810bc4ad606724209f0bc15 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.s390x.rpm
474dfcf43451a02d422506d8a12876a5 tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.s390x.rpm
fedb0523b1a126613ca04fce2674546c tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm
e9402bc61b20745f61ffed678af844f5 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.s390x.rpm
x86_64:
9a0875239aee9d021c8d4a56b42bb2a6 tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
11619162c8e0adc036756a7ac03ce559 tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
d95026b2750fff774772c44a57f74792 tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
23d7a2a5d67055d37f27bef5503fee7b tomcat5-debuginfo-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
9d3ddc4acf0c2ab389488f735aadf345 tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
3f2f6100623f9acb18d990fc52d9aa82 tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
fe8527d96dc984611e17982a0dfce68b tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
1b51651253a8fe556bba1ddc565147f0 tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
86702ce51dbe4da513827d49758858d9 tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
c831207357291c3dd091964e9aa49ebc tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
1be1106c350b4f834c5959e144cbfdb5 tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
9ce3022090cc5cc036bec3f2edf75f49 tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
http://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFG+hmLXlSAg2UNWIIRAor1AKC2IOh5rvEQhEeMqlT224k06MdbFwCbBQFf
kpfI6XAq4LI+Y1vN2vURuoQ=
=RqY/
- -----END PGP SIGNATURE-----
- --
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRvrdEyh9+71yA2DNAQJABAP/Rw5GD8ZRo0Eqi/H3IrRFC77jmA3KesU4
80YiOrv/30Rt1vDeFkAyEY6Oguzj8H0pwPYusDYaaUKZJoZBLo5QZxmQrFbszdO9
KcfXnJhr3eVs4XR4/b3gWn4nIOpnTcaCg8Ij3DSKBJGbJs9JU0I67uSzZF5O7QYg
NIFVsjBvb8Y=
=JeJS
-----END PGP SIGNATURE-----