Skip to navigation

Security Advisory Important: tomcat security update

Advisory: RHSA-2009:1164-1
Type: Security Advisory
Severity: Important
Issued on: 2009-07-21
Last updated on: 2009-07-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux Long Life (v. 5.3 server)
CVEs (cve.mitre.org): CVE-2007-5333
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783

Details

Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not
address all possible flaws in the way Tomcat handles certain characters and
character sequences in cookie values. A remote attacker could use this flaw
to obtain sensitive information, such as session IDs, and then use this
information for session hijacking attacks. (CVE-2007-5333)

Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: with this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:

org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false

It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)

A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)

It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)

A cross-site scripting (XSS) flaw was found in the examples calendar
application. With some web browsers, remote attackers could use this flaw
to inject arbitrary web script or HTML via the "time" parameter.
(CVE-2009-0781)

It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
tomcat5-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 1a877d4731e69631f2ece6c96c453b85
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 67be623c13975af58aa8a843fd04f59e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 5280c7818584b063332880118f6f0f7a
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 8e392472cc1c6d81726d60dd2b507edb
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 59a11238dd36a2a086774d419bb16c12
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: a1b90843c86b9914734ac4da2caa1286
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: c867e14441c8bd37b3cb5442790272c1
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: d81b06a4e4862b29c89e4f9784060a28
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: f35eecb0bed062cc113475da865037b9
 
x86_64:
tomcat5-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 4e6f4e5c37bb0f1546fed49c489b491e
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 33a09ef8c51d2546ca875a86e0d22b3e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: ea5203e8310995dddcb8f24d6a74a873
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 7d0172a49818ed9e5f5a97a527193eb0
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 3523a50150eb5f416f78f9dc426d9a1b
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 93c0bf1a5e0a4dc1390c31df121bec41
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 95b629e27871dc892ecfb7303c0e3429
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 488c16f4af06b02e32850f7159c197ba
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 536ba1304b0ba42b0ba7c893cdbb4d89
 
Red Hat Enterprise Linux (v. 5 server)
IA-32:
tomcat5-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 1a877d4731e69631f2ece6c96c453b85
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 67be623c13975af58aa8a843fd04f59e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 5280c7818584b063332880118f6f0f7a
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 8e392472cc1c6d81726d60dd2b507edb
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 59a11238dd36a2a086774d419bb16c12
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 47e5e11f70e528ef154a58674fc71076
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: a1b90843c86b9914734ac4da2caa1286
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: c867e14441c8bd37b3cb5442790272c1
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: e53f0dc9b75946c268bb950d8787fc4c
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: d81b06a4e4862b29c89e4f9784060a28
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: f35eecb0bed062cc113475da865037b9
 
IA-64:
tomcat5-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 2ed6664ef5728d700c55d4640c7b17ec
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: f34383d837f3e6ec2dd1c9b71f7d1200
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: f47eebc8604bea60b966d9171f8524e4
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: f16237cd6eae4742de7522b9bca0eee6
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 9ffb33f617cc8ee4351faab058d03572
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 02fffc20479bf32e1cdb3cfee53c60f3
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: f10f62eebd52612501d0a1f1b749f7a4
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 682b5ec5d95fc4bf5fb323663840a626
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 8b341f4a39729b94481fc255307327be
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: e54e044c1791b68af8d48df961dc2b75
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 1365e145fd4d4d3853fbb18d8acda6bb
 
PPC:
tomcat5-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: a33dc66f66da683920bec05da2c2f388
tomcat5-5.5.23-0jpp.7.el5_3.2.ppc64.rpm
File outdated by:  RHSA-2013:0870		     MD5: fd3f6cd3204a0a9e64aea03e07bf2a96
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: eec31e5f3c8ab4c96edbc8f7b54aa87f
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: db1a192cb3aec2ed3d2992d3e00e3a6b
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: 5bde92f7857bda3f2e4c7493c07ec654
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: ed99d290da5a01ff39d4b484138f2c77
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: 29daf95d0d3802077cf3ab82c8b6e54d
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: b35c4993d104e98a1e3a1cc2cd5a98cf
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: 2bd83b0d627eb4f97bb618537f854d27
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: 89a99c56adf60a175ceff33b2b8213c9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: 6b4b1e4be70d4700fb82a81fea2e0b77
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ppc.rpm
File outdated by:  RHSA-2013:0870		     MD5: ccc56e38edb9b0cb24e4b6120f0563a3
 
s390x:
tomcat5-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 5b879750d26a65fa3d87bd75517e9bed
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 703bb609f07c2c12f7b54ac3dabe9ec9
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: d0c26f175296518a34ed6d2b63e8c411
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: f1f876788f7a3b798c3aeff565a9d88a
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 81cb5801f5270f30cc046439cc4b0330
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 5a3828a6d5c9a78c0ada1edc998c859c
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 7f40c91dcdbd4ae9e5c93cc8dd5c681b
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: f95e4c53371fc4dec10400298ee50974
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 3056b04cc3fb8ca5c715ec5e042b5719
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 91b9aefdcd02a73d310e76ca61df92ae
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.s390x.rpm
File outdated by:  RHSA-2013:0870		     MD5: 0f2c944b57cbb91b2e5cb7a523b2e5e2
 
x86_64:
tomcat5-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 4e6f4e5c37bb0f1546fed49c489b491e
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 33a09ef8c51d2546ca875a86e0d22b3e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: ea5203e8310995dddcb8f24d6a74a873
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 7d0172a49818ed9e5f5a97a527193eb0
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 3523a50150eb5f416f78f9dc426d9a1b
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: da023201cf582d3a7cde658d46d19e45
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 93c0bf1a5e0a4dc1390c31df121bec41
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 95b629e27871dc892ecfb7303c0e3429
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 00d3d487e31c56d63086c3a3241ba0f9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 488c16f4af06b02e32850f7159c197ba
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 536ba1304b0ba42b0ba7c893cdbb4d89
 
Red Hat Enterprise Linux Desktop (v. 5 client)
IA-32:
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: 47e5e11f70e528ef154a58674fc71076
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.i386.rpm
File outdated by:  RHSA-2013:0870		     MD5: e53f0dc9b75946c268bb950d8787fc4c
 
x86_64:
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: da023201cf582d3a7cde658d46d19e45
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm
File outdated by:  RHSA-2013:0870		     MD5: 00d3d487e31c56d63086c3a3241ba0f9
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
IA-32:
tomcat5-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 1a877d4731e69631f2ece6c96c453b85
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 67be623c13975af58aa8a843fd04f59e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 5280c7818584b063332880118f6f0f7a
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 8e392472cc1c6d81726d60dd2b507edb
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 59a11238dd36a2a086774d419bb16c12
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 47e5e11f70e528ef154a58674fc71076
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: a1b90843c86b9914734ac4da2caa1286
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: c867e14441c8bd37b3cb5442790272c1
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: e53f0dc9b75946c268bb950d8787fc4c
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: d81b06a4e4862b29c89e4f9784060a28
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: f35eecb0bed062cc113475da865037b9
 
IA-64:
tomcat5-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 2ed6664ef5728d700c55d4640c7b17ec
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f34383d837f3e6ec2dd1c9b71f7d1200
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f47eebc8604bea60b966d9171f8524e4
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f16237cd6eae4742de7522b9bca0eee6
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 9ffb33f617cc8ee4351faab058d03572
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 02fffc20479bf32e1cdb3cfee53c60f3
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f10f62eebd52612501d0a1f1b749f7a4
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 682b5ec5d95fc4bf5fb323663840a626
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 8b341f4a39729b94481fc255307327be
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: e54e044c1791b68af8d48df961dc2b75
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 1365e145fd4d4d3853fbb18d8acda6bb
 
PPC:
tomcat5-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: a33dc66f66da683920bec05da2c2f388
tomcat5-5.5.23-0jpp.7.el5_3.2.ppc64.rpm     MD5: fd3f6cd3204a0a9e64aea03e07bf2a96
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: eec31e5f3c8ab4c96edbc8f7b54aa87f
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: db1a192cb3aec2ed3d2992d3e00e3a6b
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: 5bde92f7857bda3f2e4c7493c07ec654
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: ed99d290da5a01ff39d4b484138f2c77
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: 29daf95d0d3802077cf3ab82c8b6e54d
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: b35c4993d104e98a1e3a1cc2cd5a98cf
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: 2bd83b0d627eb4f97bb618537f854d27
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: 89a99c56adf60a175ceff33b2b8213c9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: 6b4b1e4be70d4700fb82a81fea2e0b77
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ppc.rpm     MD5: ccc56e38edb9b0cb24e4b6120f0563a3
 
s390x:
tomcat5-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 5b879750d26a65fa3d87bd75517e9bed
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 703bb609f07c2c12f7b54ac3dabe9ec9
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: d0c26f175296518a34ed6d2b63e8c411
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: f1f876788f7a3b798c3aeff565a9d88a
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 81cb5801f5270f30cc046439cc4b0330
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 5a3828a6d5c9a78c0ada1edc998c859c
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 7f40c91dcdbd4ae9e5c93cc8dd5c681b
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: f95e4c53371fc4dec10400298ee50974
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 3056b04cc3fb8ca5c715ec5e042b5719
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 91b9aefdcd02a73d310e76ca61df92ae
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.s390x.rpm     MD5: 0f2c944b57cbb91b2e5cb7a523b2e5e2
 
x86_64:
tomcat5-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 4e6f4e5c37bb0f1546fed49c489b491e
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 33a09ef8c51d2546ca875a86e0d22b3e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: ea5203e8310995dddcb8f24d6a74a873
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 7d0172a49818ed9e5f5a97a527193eb0
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 3523a50150eb5f416f78f9dc426d9a1b
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: da023201cf582d3a7cde658d46d19e45
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 93c0bf1a5e0a4dc1390c31df121bec41
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 95b629e27871dc892ecfb7303c0e3429
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 00d3d487e31c56d63086c3a3241ba0f9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 488c16f4af06b02e32850f7159c197ba
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 536ba1304b0ba42b0ba7c893cdbb4d89
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)
IA-32:
tomcat5-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 1a877d4731e69631f2ece6c96c453b85
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 67be623c13975af58aa8a843fd04f59e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 5280c7818584b063332880118f6f0f7a
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 8e392472cc1c6d81726d60dd2b507edb
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 59a11238dd36a2a086774d419bb16c12
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: 47e5e11f70e528ef154a58674fc71076
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: a1b90843c86b9914734ac4da2caa1286
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: c867e14441c8bd37b3cb5442790272c1
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: e53f0dc9b75946c268bb950d8787fc4c
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: d81b06a4e4862b29c89e4f9784060a28
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm     MD5: f35eecb0bed062cc113475da865037b9
 
IA-64:
tomcat5-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 2ed6664ef5728d700c55d4640c7b17ec
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f34383d837f3e6ec2dd1c9b71f7d1200
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f47eebc8604bea60b966d9171f8524e4
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f16237cd6eae4742de7522b9bca0eee6
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 9ffb33f617cc8ee4351faab058d03572
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 02fffc20479bf32e1cdb3cfee53c60f3
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: f10f62eebd52612501d0a1f1b749f7a4
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 682b5ec5d95fc4bf5fb323663840a626
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 8b341f4a39729b94481fc255307327be
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: e54e044c1791b68af8d48df961dc2b75
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm     MD5: 1365e145fd4d4d3853fbb18d8acda6bb
 
x86_64:
tomcat5-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 4e6f4e5c37bb0f1546fed49c489b491e
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 33a09ef8c51d2546ca875a86e0d22b3e
tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: ea5203e8310995dddcb8f24d6a74a873
tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 7d0172a49818ed9e5f5a97a527193eb0
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 3523a50150eb5f416f78f9dc426d9a1b
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: da023201cf582d3a7cde658d46d19e45
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 93c0bf1a5e0a4dc1390c31df121bec41
tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 95b629e27871dc892ecfb7303c0e3429
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 00d3d487e31c56d63086c3a3241ba0f9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 488c16f4af06b02e32850f7159c197ba
tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm     MD5: 536ba1304b0ba42b0ba7c893cdbb4d89
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

427766 - CVE-2007-5333 Improve cookie parsing for tomcat5
489028 - CVE-2009-0781 tomcat: XSS in Apache Tomcat calendar application
493381 - CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection
503978 - CVE-2009-0580 tomcat6 Information disclosure in authentication classes
504153 - CVE-2009-0783 tomcat XML parser information disclosure
504753 - CVE-2008-5515 tomcat request dispatcher information disclosure vulnerability


References

https://www.redhat.com/security/data/cve/CVE-2007-5333.html
https://www.redhat.com/security/data/cve/CVE-2008-5515.html
https://www.redhat.com/security/data/cve/CVE-2009-0033.html
https://www.redhat.com/security/data/cve/CVE-2009-0580.html
https://www.redhat.com/security/data/cve/CVE-2009-0781.html
https://www.redhat.com/security/data/cve/CVE-2009-0783.html
http://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#important

Keywords

Security

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/