Oval Definition:oval:org.mitre.oval:def:21729
Revision Date:2014-05-26Version:28
Title:ELSA-2008:0648: tomcat security update (Important)
Description:Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2008-1232
CVE-2008-1947
CVE-2008-2370
CVE-2008-2938
ELSA-2008:0648-01
Platform(s):Oracle Linux 5
Product(s):tomcat5
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_2.1
  • OR tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_2.1
    • BACK