RHSA-2007:0360: Important: jbossas security update

First published: Thu May 24 2007(Updated: )

Tomcat is a servlet container for Java Servlet and JavaServer Pages<br>technologies.<br>This update addresses the following issues:<br>Tomcat was found to accept multiple content-length headers in a<br>request. This could allow attackers to poison a web-cache, bypass web<br>application firewall protection, or conduct cross-site scripting attacks. <br>(CVE-2005-2090)<br>Tomcat permitted various characters as path delimiters. If Tomcat was used<br>behind certain proxies and configured to only proxy some contexts, an<br>attacker could construct an HTTP request to work around the context<br>restriction and potentially access non-proxied content. (CVE-2007-0450)<br>Users should upgrade to these erratum packages, which contain an update to<br>jbossas to include a version of Tomcat that resolves these issues. Updated<br>jakarta-commons-modeler packages are also included which correct a bug when<br>used with Tomcat 5.5.23.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/severity
• agent/type
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2007:0360
• agent/trending
• agent/remedy
• agent/title
• agent/description
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/jboss
• canonical/jboss as
• vendor/apache
• canonical/tomcat