LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

tomcat6: multiple vulnerabilities

Package(s):tomcat6 CVE #(s):CVE-2009-2693 CVE-2009-2901 CVE-2009-2902
Created:February 12, 2010 Updated:December 28, 2012
Description: From the Ubuntu advisory:

It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.

Alerts:
Debian DSA-2207-1 2011-03-30
Pardus 2011-38 2011-02-14
Mandriva MDVSA-2010:177 2010-09-12
Mandriva MDVSA-2010:176 2010-09-12
CentOS CESA-2010:0580 2010-08-03
Red Hat RHSA-2010:0582-01 2010-08-02
Red Hat RHSA-2010:0580-01 2010-08-02
SuSE SUSE-SR:2010:008 2010-04-07
Ubuntu USN-899-1 2010-02-11
Gentoo 201206-24 2012-06-24
openSUSE openSUSE-SU-2012:1701-1 2012-12-27
openSUSE openSUSE-SU-2012:1700-1 2012-12-27
openSUSE openSUSE-SU-2013:0147-1 2013-01-23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds