Oval Definition:oval:org.mitre.oval:def:12995
Revision Date:2014-06-30Version:20
Title:USN-899-1 -- tomcat6 vulnerabilities
Description:It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2693
CVE-2009-2901
CVE-2009-2902
USN-899-1
USN-899-1
Platform(s):Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
Product(s):tomcat6
Definition Synopsis
  • Release section
  • Ubuntu 8.10 is installed
  • AND Installed architecture is all
  • AND Packages section
  • libservlet2.5-java DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR libtomcat6-java DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR tomcat6-docs DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR tomcat6 DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR tomcat6-admin DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR tomcat6-common DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR tomcat6-user DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR tomcat6-examples DPKG is earlier than 6.0.18-0ubuntu3.3
  • OR Release section
  • Ubuntu 9.10 is installed
  • AND Installed architecture is all
  • AND Packages section
  • libservlet2.5-java DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR libtomcat6-java DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR tomcat6-docs DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR libservlet2.5-java-doc DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR tomcat6 DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR tomcat6-admin DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR tomcat6-common DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR tomcat6-user DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR tomcat6-examples DPKG is earlier than 6.0.20-2ubuntu2.1
  • OR Release section
  • Ubuntu 9.04 is installed
  • AND Installed architecture is all
  • AND Packages section
  • libservlet2.5-java DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR libtomcat6-java DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR tomcat6-docs DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR libservlet2.5-java-doc DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR tomcat6 DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR tomcat6-admin DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR tomcat6-common DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR tomcat6-user DPKG is earlier than 6.0.18-0ubuntu6.2
  • OR tomcat6-examples DPKG is earlier than 6.0.18-0ubuntu6.2
    • BACK