First published: Thu May 24 2007
Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

This update addresses the following issues:

Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450)

Users should upgrade to these erratum packages, which contain an update to jbossas to include a version of Tomcat that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.
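The first issue above (CVE-2005-2090) is a request-framing ambiguity. As an added example (not part of the advisory and not Tomcat's code), this Python check classifies a raw HTTP request by the Content-Length values in its head, the kind of pre-filter a proxy rule or traffic review could apply; the function names and sample requests are constructed for illustration.

```python
from typing import List

def content_length_values(raw_request: bytes) -> List[str]:
    """Return every Content-Length value found in the request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]   # ignore the body
    values = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            # One header line may itself carry a comma-separated list.
            values += [v.strip() for v in value.decode("latin-1").split(",")]
    return values

def classify_framing(raw_request: bytes) -> str:
    """Return 'ok', 'invalid', 'conflicting' or 'repeated'."""
    values = content_length_values(raw_request)
    if any(not (v.isascii() and v.isdigit()) for v in values):
        return "invalid"
    if len(set(int(v) for v in values)) > 1:
        return "conflicting"   # components may disagree on where the body ends
    if len(values) > 1:
        return "repeated"      # same length sent more than once; safest to reject
    return "ok"

# Constructed sample requests (not captured traffic).
HEAD = b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "single": HEAD + b"Content-Length: 5\r\n\r\nhello",
    "two_headers": HEAD + b"Content-Length: 5\r\ncontent-length: 0\r\n\r\nhello",
    "comma_list": HEAD + b"Content-Length: 5, 5\r\n\r\nhello",
    "non_numeric": HEAD + b"Content-Length: +5\r\n\r\nhello",
    "in_body_only": HEAD + b"Content-Length: 19\r\n\r\nContent-Length: 0\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, "->", classify_framing(request))
```

Anything other than `ok` is a request that a front-end cache or firewall and the back-end server could frame differently, so it is a candidate for rejection or alerting.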