
Security Advisory Moderate: tomcat5 security update

Advisory: RHSA-2011:1845-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-12-20
Last updated on: 2011-12-20
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-3718, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064

Details

Updated tomcat5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. A malicious web
application could use this flaw to conduct an XSS attack, leading to
arbitrary web script execution with the privileges of victims who are
logged into and viewing Manager application web pages. (CVE-2011-0013)

Multiple flaws were found in the way Tomcat handled HTTP DIGEST
authentication. These flaws weakened the Tomcat HTTP DIGEST authentication
implementation, subjecting it to some of the weaknesses of HTTP BASIC
authentication, for example, allowing remote attackers to perform session
replay attacks. (CVE-2011-1184)
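
HTTP DIGEST resists replay only when the server validates the nonce it issued and the nonce count (nc) defined in RFC 2617. The following is an added sketch of that server-side validation, not Tomcat's code or the backported patch; the class, its field names and the credentials are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
import time

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def compute_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth; ha1 = MD5(user:realm:password)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestVerifier:
    """Hypothetical server-side checker; names are illustrative, not Tomcat's."""
    def __init__(self, realm, ha1_by_user, nonce_ttl=300, clock=time.time):
        self.realm, self.ha1_by_user = realm, ha1_by_user
        self.nonce_ttl, self.clock = nonce_ttl, clock
        self.issued = {}  # nonce -> [issue time, highest nc accepted]

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.issued[nonce] = [self.clock(), 0]
        return nonce

    def verify(self, method, auth):
        state = self.issued.get(auth.get("nonce"))
        if state is None:
            return "unknown-nonce"      # never issued by this server
        if self.clock() - state[0] > self.nonce_ttl:
            del self.issued[auth["nonce"]]
            return "stale-nonce"        # client must answer a fresh challenge
        if auth.get("realm") != self.realm or auth.get("qop") != "auth":
            return "bad-realm-or-qop"
        try:
            nc = int(auth.get("nc", ""), 16)
        except ValueError:
            return "bad-nc"
        ha1 = self.ha1_by_user.get(auth.get("username"))
        if ha1 is None:
            return "bad-credentials"
        expected = compute_response(ha1, method, auth.get("uri", ""),
                                    auth["nonce"], auth["nc"], auth.get("cnonce", ""))
        if not hmac.compare_digest(expected, auth.get("response", "")):
            return "bad-credentials"
        if nc <= state[1]:
            return "replayed-nc"        # same or older nonce count: a replay
        state[1] = nc
        return "ok"

def demo():
    # Constructed exchange: one valid request, then the identical request replayed.
    ha1 = md5_hex("alice:example:s3cret")
    server = DigestVerifier("example", {"alice": ha1})
    auth = {"username": "alice", "realm": "example", "nonce": server.challenge(),
            "uri": "/app/", "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b"}
    auth["response"] = compute_response(ha1, "GET", "/app/", auth["nonce"], "00000001", "0a4f113b")
    return server.verify("GET", auth), server.verify("GET", auth)
```

The nonce count is advanced only after the response verifies, so an unauthenticated client cannot burn count values for a legitimate session.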

A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception
occurred when creating a new user with a JMX client, that user's password
was logged to Tomcat log files. Note: By default, only administrators have
access to such log files. (CVE-2011-2204)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
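
To confirm which hosts still need this update, compare each installed tomcat5 package against the fixed version-release 5.5.23-0jpp.22.el5_7 listed under Updated packages. The following is an added example, not Red Hat tooling: it reimplements rpm's segment-wise version ordering, and the host names and the inventory lines in SAMPLE are constructed.

```python
import re

FIXED = "5.5.23-0jpp.22.el5_7"  # version-release of the updated packages in this advisory
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does: split into
    numeric and alphabetic segments, compare pairwise, numbers beat letters.
    Tilde/caret ordering from newer rpm is omitted (assumption: RHEL 5 era)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(installed, fixed=FIXED):
    """Compare 'version-release' strings; the same epoch is assumed."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def triage(inventory):
    """Return (host, package, version-release) for tomcat5 packages older than FIXED.
    Each inventory line is 'host name version-release', a hypothetical layout that
    could be collected per host with rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}'."""
    vulnerable = []
    for line in inventory.strip().splitlines():
        host, name, vr = line.split()
        if name.startswith("tomcat5") and compare_vr(vr) < 0:
            vulnerable.append((host, name, vr))
    return vulnerable

# Constructed inventory; releases other than FIXED are made up for the example.
SAMPLE = """
web01 tomcat5 5.5.23-0jpp.9.el5_5
web01 tomcat5-admin-webapps 5.5.23-0jpp.9.el5_5
web02 tomcat5 5.5.23-0jpp.22.el5_7
web03 tomcat5 5.5.23-0jpp.38.el5_9
web03 httpd 2.2.3-53.el5
"""

if __name__ == "__main__":
    for host, name, vr in triage(SAMPLE):
        print(f"{host}: {name}-{vr} is older than {FIXED}")
```

A plain string comparison would rank release 0jpp.9 above 0jpp.22, which is why the segments are compared numerically. A host that passes this check still runs the old code until Tomcat is restarted.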

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
tomcat5-5.5.23-0jpp.22.el5_7.src.rpm
File outdated by:  RHSA-2013:0870
 
IA-32:
tomcat5-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
 
x86_64:
tomcat5-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
tomcat5-5.5.23-0jpp.22.el5_7.src.rpm
File outdated by:  RHSA-2013:0870
 
IA-32:
tomcat5-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
 
IA-64:
tomcat5-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.ia64.rpm
File outdated by:  RHSA-2013:0870
 
PPC:
tomcat5-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-5.5.23-0jpp.22.el5_7.ppc64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.ppc.rpm
File outdated by:  RHSA-2013:0870
 
s390x:
tomcat5-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.s390x.rpm
File outdated by:  RHSA-2013:0870
 
x86_64:
tomcat5-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-common-lib-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-server-lib-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-webapps-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
tomcat5-5.5.23-0jpp.22.el5_7.src.rpm
File outdated by:  RHSA-2013:0870
 
IA-32:
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.i386.rpm
File outdated by:  RHSA-2013:0870
 
x86_64:
tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7.x86_64.rpm
File outdated by:  RHSA-2013:0870
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
717013 - CVE-2011-2204 tomcat: password disclosure vulnerability
741401 - CVE-2011-1184 tomcat: Multiple weaknesses in HTTP DIGEST authentication


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/