Full Disclosure mailing list archives

Re: [ MDVSA-2010:176 ] tomcat5

From: "Raj Mathur (राज माथुर)" <raju () linux-delhi org>
Date: Mon, 13 Sep 2010 08:49:14 +0530

On Sunday 12 Sep 2010, security () mandriva com wrote:

 Package : tomcat5

 Multiple vulnerabilities has been found and corrected in tomcat5:

 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0
 through 4.1.36 does not properly handle (1) double quote (")
characters or (2) \%5C (encoded backslash) sequences in a cookie
value, which might cause sensitive information such as session IDs
to be leaked to remote attackers and enable session hijacking
attacks.  NOTE: this issue exists because of an incomplete fix for
CVE-2007-3385 (CVE-2007-5333).

 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0
through 6.0.18, and possibly earlier versions normalizes the target
pathname before filtering the query string when using the
RequestDispatcher method, which allows remote attackers to bypass
intended access restrictions and conduct directory traversal attacks
via .. (dot dot) sequences and the WEB-INF directory in a Request
(CVE-2008-5515).


Please correct the package name in the vulnerability report.

Regards,

-- Raj
-- 
Raj Mathur                raju () kandalaya org      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
PsyTrance & Chill: http://schizoid.in/   ||   It is the mind that moves

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[ MDVSA-2010:176 ] tomcat5 security (Sep 12)
- Re: [ MDVSA-2010:176 ] tomcat5 Raj Mathur (राज माथुर) (Sep 12)