Re: [ MDVSA-2010:176 ] tomcat5

["Raj Mathur (राज माथुर)" <raju () linux-delhi org>]

On Sunday 12 Sep 2010, security () mandriva com wrote:
>  Package : tomcat5
>
>  Multiple vulnerabilities has been found and corrected in tomcat5:
>
>  Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0
>  through 4.1.36 does not properly handle (1) double quote (")
> characters or (2) \%5C (encoded backslash) sequences in a cookie
> value, which might cause sensitive information such as session IDs
> to be leaked to remote attackers and enable session hijacking
> attacks.  NOTE: this issue exists because of an incomplete fix for
> CVE-2007-3385 (CVE-2007-5333).
>
>  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0
> through 6.0.18, and possibly earlier versions normalizes the target
> pathname before filtering the query string when using the
> RequestDispatcher method, which allows remote attackers to bypass
> intended access restrictions and conduct directory traversal attacks
> via .. (dot dot) sequences and the WEB-INF directory in a Request
> (CVE-2008-5515).

Please correct the package name in the vulnerability report.

Regards,

-- Raj
-- 
Raj Mathur                raju () kandalaya org      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
PsyTrance & Chill: http://schizoid.in/   ||   It is the mind that moves

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/