
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0328

The remote host is missing updates announced in
advisory RHSA-2007:0328.

Tomcat is a servlet container for Java Servlet and JavaServer Pages.

Tomcat was found to accept multiple content-length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting attacks.
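The multiple Content-Length problem above (CVE-2005-2090 in the cross references below) is an ambiguity: two parsers in the request path can disagree on where the body ends. As an added illustration, not code from the advisory or from Tomcat, the check below is the policy a front-end proxy or WAF can apply before forwarding: accept a single numeric Content-Length, collapse exact duplicates, and reject anything conflicting or non-numeric. The header names and sample requests are constructed for the example.

```python
import re

# Added example for the RHSA-2007:0328 description; not Tomcat code.
# Assumes a raw HTTP/1.1 request as bytes with CRLF line endings.

def parse_headers(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, [(name, value), ...]).
    Only the header block is examined; the body after the blank line is ignored."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def check_content_length(headers):
    """Return (ok, length_or_None, reason).

    Policy: no Content-Length is fine; one numeric value is fine; several
    headers that all carry the same numeric value are collapsed to one;
    conflicting or non-numeric values are rejected, so no two parsers
    downstream (proxy, cache, WAF, Tomcat) can disagree on where the body ends."""
    values = [v for n, v in headers if n == "content-length"]
    if not values:
        return True, None, "no Content-Length"
    if any(not re.fullmatch(r"[0-9]+", v) for v in values):
        return False, None, "non-numeric Content-Length"
    distinct = sorted(set(values))
    if len(distinct) > 1:
        return False, None, f"conflicting Content-Length values {distinct}"
    return True, int(values[0]), "single consistent Content-Length"

def is_safe_request(raw: bytes) -> bool:
    """True only when the request parses and passes the Content-Length policy."""
    try:
        _, headers = parse_headers(raw)
    except ValueError:
        return False
    return check_content_length(headers)[0]

# Constructed samples (not captured traffic): one header, two agreeing, two disagreeing.
CLEAN = b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
DUPLICATE_SAME = CLEAN.replace(b"Content-Length: 5\r\n", b"Content-Length: 5\r\nContent-Length: 5\r\n")
CONFLICT = CLEAN.replace(b"Content-Length: 5\r\n", b"Content-Length: 5\r\nContent-Length: 45\r\n")
```

Running `check_content_length(parse_headers(CONFLICT)[1])` returns a rejection with the two disagreeing values, while the exact-duplicate request is accepted with a single length of 5.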

Tomcat permitted various characters as path delimiters. If Tomcat was used
behind certain proxies and configured to only proxy some contexts, an
attacker could construct an HTTP request to work around the context
restriction and potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples webapp displayed a
number of unfiltered header values. If the JSP examples are accessible,
this flaw could allow a remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)

Updated jakarta-commons-modeler packages which correct a bug when
used with Tomcat 5.5.23 are also included.

Users should upgrade to these erratum packages which contain an update to
Tomcat that resolves these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-2090
BugTraq ID: 13873
BugTraq ID: 25159
Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
Bugtraq: 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
HPdes Security Advisory: HPSBUX02262
HPdes Security Advisory: SSRT071447
SuSE Security Announcement: SUSE-SR:2008:005
Common Vulnerability Exposure (CVE) ID: CVE-2006-7195
BugTraq ID: 28481
Common Vulnerability Exposure (CVE) ID: CVE-2007-0450
BugTraq ID: 22960
Bugtraq: 20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal
SuSE Security Announcement: SUSE-SR:2007:005
SuSE Security Announcement: SUSE-SR:2007:015
XForce ISS Database: tomcat-proxy-directory-traversal(32988)
Copyright (c) 2007 E-Soft Inc.
