tomcat: multiple vulnerabilities

Package(s): tomcat5
CVE #(s): CVE-2009-2696 CVE-2010-2227
Created: August 3, 2010
Updated: February 14, 2011
Description: From the Red Hat advisory:

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-2696)

A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially-crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)

Gentoo 201206-24 tomcat 2012-06-24
Pardus 2011-38 tomcat-servlet-api 2011-02-14
Fedora FEDORA-2010-16528 tomcat6 2010-10-20
Fedora FEDORA-2010-16248 tomcat6 2010-10-14
Fedora FEDORA-2010-16270 tomcat6 2010-10-14
openSUSE openSUSE-SU-2010:0616-1 tomcat 2010-09-16
SUSE SUSE-SR:2010:017 java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12 2010-09-21
Mandriva MDVSA-2010:177 tomcat5 2010-09-12
Mandriva MDVSA-2010:176 tomcat5 2010-09-12
Ubuntu USN-976-1 tomcat6 2010-08-25
CentOS CESA-2010:0580 tomcat5 2010-08-03
Red Hat RHSA-2010:0583-01 tomcat5 2010-08-02
Red Hat RHSA-2010:0582-01 tomcat5 2010-08-02
Red Hat RHSA-2010:0580-01 tomcat5 2010-08-02
