Security Advisory: tomcat security update for Stronghold

Advisory: RHSA-2002:217-03
Type: Security Advisory
Severity: Important
Issued on: 2002-11-08
Last updated on: 2002-10-01
Affected Products:
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-1148

Details

Updated tomcat packages are now available for Stronghold Cross Platform to
close a JSP source code exposure vulnerability.

Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies. A
source code exposure vulnerability has been found that affects Tomcat
versions 4.0.0 through 4.0.4 and 4.1.0 through 4.1.10.

Using a carefully crafted request, a remote attacker can read the source
code of any deployed JSP file.

Stronghold Cross Platform shipped with Tomcat version 4.0.3 and is
therefore susceptible to this vulnerability.

All users are advised to upgrade to these errata packages, which contain
Tomcat version 4.0.5 and are not vulnerable to this issue.
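As an added example (not part of the advisory or of Stronghold), the following POSIX shell function tells an administrator whether a Tomcat version string falls inside the affected ranges named above, 4.0.0 through 4.0.4 and 4.1.0 through 4.1.10. The version string is an assumed input, for instance copied from the installed Tomcat's own version report.

```sh
#!/bin/sh
# Added example, not part of the advisory: classify a Tomcat version string
# against the ranges RHSA-2002:217 lists as affected by CVE-2002-1148.
# The version string is an assumed input supplied by the administrator.

# tomcat_affected VERSION
#   exit status 0 = affected, 1 = not affected, 2 = unparseable version
tomcat_affected() {
    v=$1
    # Split "major.minor.patch" on dots. Positional parameters are local to
    # the function, so "set --" does not clobber the caller's arguments.
    old_ifs=$IFS
    IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}
    minor=${2:-0}
    patch=${3:-0}
    # Drop a trailing non-numeric suffix such as the "-b1" in "4.0.4-b1".
    patch=${patch%%[!0-9]*}
    patch=${patch:-0}
    case "$major$minor$patch" in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Only the 4.0.x and 4.1.x branches are named in the advisory.
    [ "$major" -eq 4 ] || return 1
    if [ "$minor" -eq 0 ] && [ "$patch" -le 4 ]; then
        return 0
    fi
    if [ "$minor" -eq 1 ] && [ "$patch" -le 10 ]; then
        return 0
    fi
    return 1
}

# tomcat_verdict VERSION: print a one-line verdict suitable for an admin script.
tomcat_verdict() {
    rc=0
    tomcat_affected "$1" || rc=$?
    case $rc in
        0) echo "Tomcat $1: AFFECTED by CVE-2002-1148, upgrade to 4.0.5" ;;
        2) echo "Tomcat $1: cannot parse version string" ;;
        *) echo "Tomcat $1: not in the affected ranges" ;;
    esac
}

# Stronghold Cross Platform shipped Tomcat 4.0.3; the errata packages carry 4.0.5.
tomcat_verdict 4.0.3
tomcat_verdict 4.0.5
```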


Solution

The updated packages are now available via the update agent service. Run
the command

$ bin/agent

from the Stronghold 4 install root to upgrade an existing Stronghold 4
installation to the new package versions. After upgrading Stronghold, the
server must be completely restarted by running the following commands from
the install root:

$ bin/stop-server
$ bin/stop-tomcat
$ bin/start-tomcat
$ bin/start-server

For more information on how to upgrade between releases of Stronghold 4,
see http://stronghold.redhat.com/support/upgrade-sh4

Bugs fixed (see bugzilla for more information)

71144 - Text files are DOS format
71167 - A reload-tomcat script would be handy
71175 - Examples in catalina.policy file are broken
71177 - Content-type not set for errors
73724 - Tomcat HTTP server DoS vulnerability


Keywords

code, exposure, JSP, source, tomcat


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/