| Description: | Description:
The remote host is missing an update to tomcat5
announced via advisory MDVSA-2011:030.
Multiple vulnerabilities has been found and corrected in tomcat5:
When running under a SecurityManager, access to the file system is
limited but web applications are granted read/write permissions to
the work directory. This directory is used for a variety of temporary
files such as the intermediate files generated when compiling JSPs
to Servlets. The location of the work directory is specified by
a ServletContect attribute that is meant to be read-only to web
applications. However, due to a coding error, the read-only setting
was not applied. Therefore, a malicious web application may modify
the attribute before Tomcat applies the file permissions. This can be
used to grant read/write permissions to any area on the file system
which a malicious web application may then take advantage of. This
vulnerability is only applicable when hosting web applications from
untrusted sources such as shared hosting environments (CVE-2010-3718).
The HTML Manager interface displayed web applciation provided data,
such as display names, without filtering. A malicious web application
could trigger script execution by an administartive user when viewing
the manager pages (CVE-2011-0013).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:030
Risk factor : Medium
CVSS Score:
4.3
|
