Red Hat Enterprise Linux 5.4 - Technical Notes: tomcat, RHSA-2009:1164: Important security update

Chapter 1. Package Updates

1.226. tomcat

1.226.1. RHSA-2009:1164: Important security update

Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1164.

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333 [1736])

Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: with this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure, behavior, add the following entry to the "/etc/tomcat5/catalina.properties" file:

org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
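The cookie-processing change described in the note above, modelled as an added example for this page (it is not Tomcat's code and not part of the Red Hat advisory). It shows why a version 0 cookie whose value contains a separator is unsafe to emit verbatim, what the version 1 promotion looks like on the wire, and a check for whether a catalina.properties file re-enables the legacy behaviour. Assumptions: the separator set is the RFC 2616 "tspecials" list, the cookie name and value are constructed sample data, and the properties parser handles only simple `key=value` lines.

```python
# Added example, not Tomcat's implementation: a model of version 0 vs version 1
# cookie serialisation and a check for the VERSION_SWITCH opt-out property.
import re

# RFC 2616 separators ("tspecials"). A cookie value containing any of these is
# not a valid bare token, so it must be quoted (RFC 2109, version 1 cookies).
TSPECIALS = set('()<>@,;:\\"/[]?={} \t')

# Property name from the advisory; setting it to false restores the insecure behaviour.
VERSION_SWITCH_RE = re.compile(
    r'^org\.apache\.tomcat\.util\.http\.ServerCookie\.VERSION_SWITCH\s*[=:]\s*(\S+)'
)


def needs_quoting(value: str) -> bool:
    """True if the value cannot be sent as a bare version 0 cookie value."""
    return any(ch in TSPECIALS for ch in value)


def legacy_set_cookie(name: str, value: str) -> str:
    """Pre-fix behaviour: version 0 cookie, value emitted verbatim (insecure)."""
    return f"{name}={value}"


def fixed_set_cookie(name: str, value: str) -> str:
    """Post-fix behaviour: values that need quoting are quoted and the cookie
    is promoted to version 1; plain token values are left as version 0."""
    if needs_quoting(value):
        escaped = value.replace('\\', '\\\\').replace('"', '\\"')
        return f'{name}="{escaped}"; Version=1'
    return f"{name}={value}"


def split_attributes(header: str) -> list:
    """Split a Set-Cookie header into its attributes on ';', honouring quotes,
    the way an RFC 2109-aware client does."""
    parts, cur, in_quotes, escape = [], [], False, False
    for ch in header:
        if escape:
            cur.append(ch)
            escape = False
        elif ch == '\\' and in_quotes:
            cur.append(ch)
            escape = True
        elif ch == '"':
            in_quotes = not in_quotes
            cur.append(ch)
        elif ch == ';' and not in_quotes:
            parts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append(''.join(cur).strip())
    return parts


def version_switch_disabled(properties_text: str) -> bool:
    """True if the given catalina.properties content re-enables the legacy
    (insecure) cookie behaviour via VERSION_SWITCH=false."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(('#', '!')):
            continue  # comments and blank lines carry no setting
        m = VERSION_SWITCH_RE.match(line)
        if m and m.group(1).lower() == 'false':
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: a value containing a separator, as a client might send it.
    name, value = "JSESSIONID", "abc; Path=/"
    print("legacy:", split_attributes(legacy_set_cookie(name, value)))
    print("fixed: ", split_attributes(fixed_set_cookie(name, value)))
    print("opt-out present:", version_switch_disabled(
        "org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n"))
```

With the legacy serialisation the client sees the cookie value truncated at the separator and a second, attacker-influenced attribute; with the quoted version 1 form the whole value stays inside the cookie value. `version_switch_disabled` is the check to run over `/etc/tomcat5/catalina.properties` when auditing whether a host has opted back into the old behaviour.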
It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515 [1737])

A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033 [1738])

It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580 [1739])

A cross-site scripting (XSS) flaw was found in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-0781 [1740])

It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat

[1736] https://www.redhat.com/security/data/cve/CVE-2007-5333.html
[1737] https://www.redhat.com/security/data/cve/CVE-2008-5515.html
[1738] https://www.redhat.com/security/data/cve/CVE-2009-0033.html
[1739] https://www.redhat.com/security/data/cve/CVE-2009-0580.html
[1740] https://www.redhat.com/security/data/cve/CVE-2009-0781.html
