CVEs with nessus.description==

An updated tomcat package that fixes several security issues is now available for Red Hat Network Satellite Server 5.1.

This update has been rated as having low security impact by the Red Hat Security Response Team.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner: By default, only Satellite Server applications are running on Tomcat. This update will reduce risk in unique Satellite Server environments.

It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially crafted requests that would cause an information leak. (CVE-2008-5515)

A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially crafted requests that would cause a temporary denial of service. (CVE-2009-0033)

It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783)

Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to this updated tomcat package, which contains backported patches to resolve these issues. Tomcat must be restarted for this update to take effect
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |