Oval Definition:oval:org.mitre.oval:def:22631
Revision Date:2014-05-26
Version:28
Title:ELSA-2007:0327: tomcat security update (Important)
Description:Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2005-2090
CVE-2006-7195
CVE-2007-0450
CVE-2007-1358
ELSA-2007:0327-01
Platform(s):Oracle Linux 5
Product(s):jakarta-commons-modeler
tomcat5
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • redhat-rpm-config is earlier than 0:8.0.45-17.0.1.el5
  • OR tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR tomcat5 is earlier than 0:5.5.23-0jpp.1.0.3.el5
  • OR jakarta-commons-modeler-javadoc is earlier than 0:1.1-8jpp.1.0.2.el5
  • OR jakarta-commons-modeler is earlier than 0:1.1-8jpp.1.0.2.el5