Oval Definition: oval:com.redhat.rhsa:def:20070569
Revision Date: 2007-07-17
Version: 635
Title: RHSA-2007:0569: tomcat security update (Moderate)
Description: Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies.

Some JSPs within the 'examples' web application did not escape user-provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on a production system.

The Manager and Host Manager web applications did not escape user-provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).

Users of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.
Family: unix
Class: patch
Status:
Reference(s): CVE-2007-2449
CVE-2007-2450
RHSA-2007:0569
RHSA-2007:0569-01
Platform(s): Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • tomcat5 is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5 is signed with Red Hat redhatrelease2 key
  • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-admin-webapps is signed with Red Hat redhatrelease2 key
  • tomcat5-common-lib is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-common-lib is signed with Red Hat redhatrelease2 key
  • tomcat5-jasper is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-jasper is signed with Red Hat redhatrelease2 key
  • tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-jasper-javadoc is signed with Red Hat redhatrelease2 key
  • tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-jsp-2.0-api is signed with Red Hat redhatrelease2 key
  • tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease2 key
  • tomcat5-server-lib is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-server-lib is signed with Red Hat redhatrelease2 key
  • tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-servlet-2.4-api is signed with Red Hat redhatrelease2 key
  • tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease2 key
  • tomcat5-webapps is earlier than 0:5.5.23-0jpp.1.0.4.el5
      • AND tomcat5-webapps is signed with Red Hat redhatrelease2 key