Security Advisory Moderate: tomcat security update

Advisory: RHSA-2008:0195-5
Type: Security Advisory
Severity: Moderate
Issued on: 2008-04-28
Last updated on: 2008-04-28
Affected Products: Developer Suite v3 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-3382
CVE-2007-3385
CVE-2007-5342
CVE-2007-5461

Details

Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.

Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).

A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. This allowed remote attackers to remote authenticated users to
read accessible to the local user running the tomcat process (CVE-2007-5461).

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process (CVE-2007-5342).

Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Developer Suite v3 EL4
SRPMS:
tomcat5-5.5.23-0jpp_11rh.src.rpm
File outdated by:  RHSA-2009:1563		     a5e19ada6767ec5bca50aa8d925e9e9e
 
IA-32:
tomcat5-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     30e3b504a80c513a5f21d7a11dd5f8f5
tomcat5-common-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9cfe87c9717873c41ddae75c9f7ec9f9
tomcat5-jasper-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9c4edf97c53de8835743e152437d7b3d
tomcat5-jsp-2.0-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     f0130da7f3cba370b56e74b44a933a69
tomcat5-server-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     2fbf3efe983fa658a1bd76db05852c1a
tomcat5-servlet-2.4-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     3f6a919ccc41efa2e3c156b9829dbebd
 
IA-64:
tomcat5-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     30e3b504a80c513a5f21d7a11dd5f8f5
tomcat5-common-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9cfe87c9717873c41ddae75c9f7ec9f9
tomcat5-jasper-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9c4edf97c53de8835743e152437d7b3d
tomcat5-jsp-2.0-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     f0130da7f3cba370b56e74b44a933a69
tomcat5-server-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     2fbf3efe983fa658a1bd76db05852c1a
tomcat5-servlet-2.4-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     3f6a919ccc41efa2e3c156b9829dbebd
 
PPC:
tomcat5-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     30e3b504a80c513a5f21d7a11dd5f8f5
tomcat5-common-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9cfe87c9717873c41ddae75c9f7ec9f9
tomcat5-jasper-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9c4edf97c53de8835743e152437d7b3d
tomcat5-jsp-2.0-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     f0130da7f3cba370b56e74b44a933a69
tomcat5-server-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     2fbf3efe983fa658a1bd76db05852c1a
tomcat5-servlet-2.4-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     3f6a919ccc41efa2e3c156b9829dbebd
 
x86_64:
tomcat5-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     30e3b504a80c513a5f21d7a11dd5f8f5
tomcat5-common-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9cfe87c9717873c41ddae75c9f7ec9f9
tomcat5-jasper-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     9c4edf97c53de8835743e152437d7b3d
tomcat5-jsp-2.0-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     f0130da7f3cba370b56e74b44a933a69
tomcat5-server-lib-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     2fbf3efe983fa658a1bd76db05852c1a
tomcat5-servlet-2.4-api-5.5.23-0jpp_11rh.noarch.rpm
File outdated by:  RHSA-2009:1563		     3f6a919ccc41efa2e3c156b9829dbebd
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values
333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
427216 - CVE-2007-5342 Apache Tomcat's default security policy is too open


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
http://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#moderate

Keywords

Security

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/