
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0326

The remote host is missing updates announced in
advisory RHSA-2007:0326.

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

Tomcat was found to accept multiple content-length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting attacks.
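The ambiguity behind the first issue is that two parsers (a cache or WAF in front, Tomcat behind) may pick different Content-Length values and therefore disagree on where one request ends and the next begins. The defensive rule, stated in RFC 7230 section 3.3.3, is to refuse such a message outright rather than reconcile it. The following is an added example written for this page, not code from the advisory or from Tomcat: a strict framing check that a reverse proxy or WAF could apply to a request head before forwarding it. The sample requests are constructed, and `strict` is a hypothetical parameter chosen here to make repeated identical values rejectable as well.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Verdict:
    ok: bool
    reason: str
    content_length: Optional[int] = None


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP/1.1 request into its request line and (name, value)
    header pairs. Names are lower-cased, values trimmed. Only the head
    (everything before the first blank line) is examined."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def check_framing(raw: bytes, strict: bool = True) -> Verdict:
    """Reject requests whose body length is ambiguous.

    RFC 7230 section 3.3.3: a message carrying both Transfer-Encoding and
    Content-Length, or several differing Content-Length values, is invalid.
    With strict=True (an assumption of this example) repeated identical
    Content-Length values are rejected too, so that no header is ever
    "accepted twice" as the advisory describes."""
    try:
        _, headers = parse_head(raw)
    except ValueError as exc:
        return Verdict(False, str(exc))

    cl_values: List[str] = []
    for name, value in headers:
        if name == "content-length":
            # A single header field may also carry a comma-separated list.
            cl_values.extend(part.strip() for part in value.split(","))
    has_te = any(name == "transfer-encoding" for name, _ in headers)

    if has_te and cl_values:
        return Verdict(False, "Transfer-Encoding and Content-Length both present")
    if not cl_values:
        return Verdict(True, "no Content-Length; framing by Transfer-Encoding or none")
    if any(not v.isdigit() for v in cl_values):
        return Verdict(False, f"non-numeric Content-Length value(s): {cl_values}")
    if len(set(cl_values)) > 1:
        return Verdict(False, f"conflicting Content-Length values: {cl_values}")
    if strict and len(cl_values) > 1:
        return Verdict(False, f"repeated Content-Length header: {cl_values}")
    return Verdict(True, "single unambiguous Content-Length", int(cl_values[0]))


# Constructed sample requests for this example; not captured traffic.
REQ_OK = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\n\r\nhello")
REQ_CONFLICT = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\nContent-Length: 30\r\n\r\nhello")
REQ_TE_AND_CL = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                 b"Transfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n0\r\n\r\n")
REQ_REPEATED = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\nContent-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    samples = [("ok", REQ_OK), ("conflict", REQ_CONFLICT),
               ("te+cl", REQ_TE_AND_CL), ("repeated", REQ_REPEATED)]
    for label, req in samples:
        v = check_framing(req)
        print(f"{label:9} ok={v.ok!s:5} length={v.content_length} ({v.reason})")
```

Only the request head is inspected, so the check runs before any body bytes are read; a proxy that applies it and closes the connection on a failed verdict never forwards a request that its back end might frame differently.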

Tomcat permitted various characters as path delimiters. If Tomcat was used
behind certain proxies and configured to only proxy some contexts, an
attacker could construct an HTTP request to work around the context
restriction and potentially access non-proxied content. (CVE-2007-0450)

Several applications distributed in the JSP examples displayed unfiltered
values. If the JSP examples are accessible, these flaws could allow a
remote attacker to perform cross-site scripting attacks. (CVE-2006-7195,

The default Tomcat configuration permitted the use of insecure
SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858)

Directory listings were enabled by default in Tomcat. Information stored
unprotected under the document root was visible to anyone if the
administrator did not disable directory listings. (CVE-2006-3835)

Users should upgrade to these erratum packages which contain Tomcat version
5.5.23 that resolves these issues. Updated jakarta-commons-modeler
packages are also included which correct a bug when used with Tomcat 5.5.23.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-2090
BugTraq ID: 13873
BugTraq ID: 25159
Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search)
Bugtraq: 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 (Google Search)
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
HPdes Security Advisory: HPSBUX02262
HPdes Security Advisory: SSRT071447
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2006-3835
BugTraq ID: 19106
Bugtraq: 20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express (Google Search)
Bugtraq: 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities (Google Search)
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
XForce ISS Database: apache-tomcat-url-information-disclosure(27902)
XForce ISS Database: nokia-tomcat-source-code-disclosure(34183)
Common Vulnerability Exposure (CVE) ID: CVE-2006-7195
BugTraq ID: 28481
Common Vulnerability Exposure (CVE) ID: CVE-2006-7196
BugTraq ID: 25531
Bugtraq: 20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (Google Search)
Bugtraq: 20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2007-0450
BugTraq ID: 22960
Bugtraq: 20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal (Google Search)
SuSE Security Announcement: SUSE-SR:2007:005 (Google Search)
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
XForce ISS Database: tomcat-proxy-directory-traversal(32988)
Common Vulnerability Exposure (CVE) ID: CVE-2007-1858
BugTraq ID: 28482
BugTraq ID: 64758
HPdes Security Advisory: HPSBMU02744
HPdes Security Advisory: SSRT100776
SuSE Security Announcement: SUSE-SR:2008:007 (Google Search)
XForce ISS Database: tomcat-ssl-security-bypass(34212)
Copyright (c) 2007 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.