First published: Thu May 24 2007
Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples are accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195)

Updated jakarta-commons-modeler packages which correct a bug when used with Tomcat 5.5.23 are also included.

Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues.
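
The multiple content-length condition behind CVE-2005-2090 can be checked for at a proxy or when replaying captured requests. The Python sketch below is an added example, not code from the advisory or from Tomcat; the sample requests, the host name and the function names are constructed, and rejecting even identical duplicate values is a strictness choice made here.

```python
import re

# Constructed sample requests (not taken from the advisory).
AMBIGUOUS = (b"POST /app/submit HTTP/1.1\r\n"
             b"Host: example.test\r\n"
             b"Content-Length: 0\r\n"
             b"Content-Length: 44\r\n\r\n")
CLEAN = (b"POST /app/submit HTTP/1.1\r\n"
         b"Host: example.test\r\n"
         b"Content-Length: 44\r\n\r\n")


def content_lengths(raw: bytes) -> list[str]:
    """Return every Content-Length value in the header block, in order."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        # strip() also catches "Content-Length :" and folded lines, which
        # different parsers may or may not treat as the same header.
        if sep and name.strip().lower() == "content-length":
            # A comma-separated list in one field counts as several values.
            values.extend(v.strip() for v in value.split(","))
    return values


def framing_verdict(raw: bytes) -> str:
    """Classify framing as 'ok', 'reject-multiple' or 'reject-invalid'."""
    values = content_lengths(raw)
    if any(not re.fullmatch(r"[0-9]+", v) for v in values):
        return "reject-invalid"   # empty, signed or non-numeric length
    if len(values) > 1:
        # Two components that pick different values disagree on where the
        # body ends, which is what enables cache poisoning and WAF bypass.
        return "reject-multiple"
    return "ok"


if __name__ == "__main__":
    for label, req in (("ambiguous", AMBIGUOUS), ("clean", CLEAN)):
        print(label, content_lengths(req), framing_verdict(req))
```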