Security Advisory Important: tomcat security update

Advisory: RHSA-2008:0864-2
Type: Security Advisory
Severity: Important
Issued on: 2008-10-02
Last updated on: 2008-10-02
Affected Products: Developer Suite v3 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-1232
CVE-2008-1947
CVE-2008-2370
CVE-2008-2938

Details

Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Developer Suite v3 EL4
SRPMS:
tomcat5-5.5.23-0jpp_12rh.src.rpm     653c6ab1892747c8428f5845be8ea014
 
IA-32:
tomcat5-5.5.23-0jpp_12rh.noarch.rpm     394bd24a973ed8859c1708e05eb79065
tomcat5-common-lib-5.5.23-0jpp_12rh.noarch.rpm     5c6d95f008ec06d9237ea636212585e4
tomcat5-jasper-5.5.23-0jpp_12rh.noarch.rpm     43771c3609ada385eb14d7f7b08bde3c
tomcat5-jsp-2.0-api-5.5.23-0jpp_12rh.noarch.rpm     d008239309e9c80c28a3cb57dcbc4ad9
tomcat5-server-lib-5.5.23-0jpp_12rh.noarch.rpm     e81a319f3663743547087ca739a9ad00
tomcat5-servlet-2.4-api-5.5.23-0jpp_12rh.noarch.rpm     c532508923fa2a8ab08b905f5ff551a6
 
IA-64:
tomcat5-5.5.23-0jpp_12rh.noarch.rpm     394bd24a973ed8859c1708e05eb79065
tomcat5-common-lib-5.5.23-0jpp_12rh.noarch.rpm     5c6d95f008ec06d9237ea636212585e4
tomcat5-jasper-5.5.23-0jpp_12rh.noarch.rpm     43771c3609ada385eb14d7f7b08bde3c
tomcat5-jsp-2.0-api-5.5.23-0jpp_12rh.noarch.rpm     d008239309e9c80c28a3cb57dcbc4ad9
tomcat5-server-lib-5.5.23-0jpp_12rh.noarch.rpm     e81a319f3663743547087ca739a9ad00
tomcat5-servlet-2.4-api-5.5.23-0jpp_12rh.noarch.rpm     c532508923fa2a8ab08b905f5ff551a6
 
PPC:
tomcat5-5.5.23-0jpp_12rh.noarch.rpm     394bd24a973ed8859c1708e05eb79065
tomcat5-common-lib-5.5.23-0jpp_12rh.noarch.rpm     5c6d95f008ec06d9237ea636212585e4
tomcat5-jasper-5.5.23-0jpp_12rh.noarch.rpm     43771c3609ada385eb14d7f7b08bde3c
tomcat5-jsp-2.0-api-5.5.23-0jpp_12rh.noarch.rpm     d008239309e9c80c28a3cb57dcbc4ad9
tomcat5-server-lib-5.5.23-0jpp_12rh.noarch.rpm     e81a319f3663743547087ca739a9ad00
tomcat5-servlet-2.4-api-5.5.23-0jpp_12rh.noarch.rpm     c532508923fa2a8ab08b905f5ff551a6
 
x86_64:
tomcat5-5.5.23-0jpp_12rh.noarch.rpm     394bd24a973ed8859c1708e05eb79065
tomcat5-common-lib-5.5.23-0jpp_12rh.noarch.rpm     5c6d95f008ec06d9237ea636212585e4
tomcat5-jasper-5.5.23-0jpp_12rh.noarch.rpm     43771c3609ada385eb14d7f7b08bde3c
tomcat5-jsp-2.0-api-5.5.23-0jpp_12rh.noarch.rpm     d008239309e9c80c28a3cb57dcbc4ad9
tomcat5-server-lib-5.5.23-0jpp_12rh.noarch.rpm     e81a319f3663743547087ca739a9ad00
tomcat5-servlet-2.4-api-5.5.23-0jpp_12rh.noarch.rpm     c532508923fa2a8ab08b905f5ff551a6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

446393 - CVE-2008-1947 Tomcat host manager xss - name field
456120 - CVE-2008-2938 tomcat Unicode directory traversal vulnerability
457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
http://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#important

Keywords

Security

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/