Oval Definition: oval:org.mitre.oval:def:21136
Revision Date: 2014-02-17
Version: 11
Title: RHSA-2013:0870: tomcat5 security update (Important)
Description: The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2013:0870, CVE-2013-1976, RHSA-2013:0870-00
Platform(s): CentOS Linux 5, Red Hat Enterprise Linux 5
Product(s): tomcat5
Definition Synopsis
  • Redhat 5 or Centos 5 release
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
      • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5 is earlier than 0:5.5.23-0jpp.40.el5_9
      • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.40.el5_9