Security Advisory Moderate: tomcat security update

Advisory: RHSA-2007:0871-5
Type: Security Advisory
Severity: Moderate
Issued on: 2007-09-26
Last updated on: 2007-09-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070871.xml
CVEs (cve.mitre.org): CVE-2007-3382
CVE-2007-3385
CVE-2007-3386

Details

Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.

Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).

Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
File outdated by:  RHSA-2009:1164		     4cd5017f99a44689fd97bfaddb4d1e49
 
IA-32:
tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     7d71ed89d94341f41b171293ad013d6b
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     f0cfcd9ec14bf30223576796c3d86254
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     c8ab874847b19faec830f6d002ef5700
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     b128c5e933557b9e90aa7cb71ad86f72
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     7166ea7ab11411ba0d0adf715657ac89
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     34159a09da8641ba7d7a61335b9a3685
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     ec84df22f55b68f172123dfb39680230
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     4d9285f3236fb71cc4f1595cdaceb2c0
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     14685a050088e338be428d4b315bed15
 
x86_64:
tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     9a0875239aee9d021c8d4a56b42bb2a6
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     11619162c8e0adc036756a7ac03ce559
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     d95026b2750fff774772c44a57f74792
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     9d3ddc4acf0c2ab389488f735aadf345
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     3f2f6100623f9acb18d990fc52d9aa82
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     1b51651253a8fe556bba1ddc565147f0
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     86702ce51dbe4da513827d49758858d9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     1be1106c350b4f834c5959e144cbfdb5
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     9ce3022090cc5cc036bec3f2edf75f49
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
File outdated by:  RHSA-2009:1164		     4cd5017f99a44689fd97bfaddb4d1e49
 
IA-32:
tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     7d71ed89d94341f41b171293ad013d6b
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     f0cfcd9ec14bf30223576796c3d86254
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     c8ab874847b19faec830f6d002ef5700
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     b128c5e933557b9e90aa7cb71ad86f72
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     7166ea7ab11411ba0d0adf715657ac89
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     226f3d1465041197fc02615be82163fb
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     34159a09da8641ba7d7a61335b9a3685
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     ec84df22f55b68f172123dfb39680230
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     deb113e7d216237760505d9780b73a76
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     4d9285f3236fb71cc4f1595cdaceb2c0
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     14685a050088e338be428d4b315bed15
 
IA-64:
tomcat5-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     d1243dc5b592ce4c5058abba7d315345
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     a2cf1700b014cec10c29031a0bb543cf
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     f7c35060c547b32906d0152513198f52
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     d3ebf74a70ed5e96600beca2cbc619d9
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     678a8878ac383ec4b1d30f1e19623520
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     c15745c6040cf2c3f3f7ba9de185654d
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     d9597bc0b803984b99ffefbdb631a9d0
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     95526b81e80b1ed513e399279901bfc5
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     e237eff013f4913f67709b0b27e90d6b
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     9543decf3e658d3bbcdf22a9ed151f87
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ia64.rpm
File outdated by:  RHSA-2009:1164		     5d19ef46e5fc9b59f382c63160dd3c59
 
PPC:
tomcat5-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     d2113dd83880307a85683247a02eb3a0
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     1befc45ebca6fcebdde8ea58255592db
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     661cb595807b4be529c5fee444f53f73
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     af2381512f812c196346fcfcedccc599
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     0a5499eea93ae7230728764d6f5433c9
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     39d4dbd2ffcdafe5595c8fcba0d36c82
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     916fb1dedfc9f27e67c722d872e019d8
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     f0a5fe0ea04ff15df8e1488e2e337606
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     6ebdac439d0d3f640ee6bae5eb7d0db0
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     de8148bb55edd17fd09dda369b2b5621
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.ppc.rpm
File outdated by:  RHSA-2009:1164		     d4c08ad82261464da948463712f7362d
 
s390x:
tomcat5-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     c594c99a882748d4c8a6a26542fb5214
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     3fc2ddbb8cfd1b570b85ec2bcbbd1684
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     5c0178460eaade94169af229a57c6764
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     85590df0cf18b16e41309da3382bb5ff
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     74a06cfefa4d31dc17d5d9f4fa71f345
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     2cbeb5dfc8464099c090434b8c5a8e0b
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     fa035a0f0cd0b80a1e866c0e7c35899f
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     8cb6883fa810bc4ad606724209f0bc15
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     474dfcf43451a02d422506d8a12876a5
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     fedb0523b1a126613ca04fce2674546c
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.s390x.rpm
File outdated by:  RHSA-2009:1164		     e9402bc61b20745f61ffed678af844f5
 
x86_64:
tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     9a0875239aee9d021c8d4a56b42bb2a6
tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     11619162c8e0adc036756a7ac03ce559
tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     d95026b2750fff774772c44a57f74792
tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     9d3ddc4acf0c2ab389488f735aadf345
tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     3f2f6100623f9acb18d990fc52d9aa82
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     fe8527d96dc984611e17982a0dfce68b
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     1b51651253a8fe556bba1ddc565147f0
tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     86702ce51dbe4da513827d49758858d9
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     c831207357291c3dd091964e9aa49ebc
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     1be1106c350b4f834c5959e144cbfdb5
tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     9ce3022090cc5cc036bec3f2edf75f49
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
File outdated by:  RHSA-2009:1164		     4cd5017f99a44689fd97bfaddb4d1e49
 
IA-32:
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     226f3d1465041197fc02615be82163fb
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm
File outdated by:  RHSA-2009:1164		     deb113e7d216237760505d9780b73a76
 
x86_64:
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     fe8527d96dc984611e17982a0dfce68b
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2009:1164		     c831207357291c3dd091964e9aa49ebc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values
247994 - CVE-2007-3386 tomcat host manager xss


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
http://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/