Oval Definition:oval:org.mitre.oval:def:22721
Revision Date:2014-05-26Version:36
Title:ELSA-2009:1164: tomcat security update (Important)
Description:Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2007-5333
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783
ELSA-2009:1164-01
Platform(s):Oracle Linux 5
Product(s):tomcat5
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2
  • OR tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_3.2
    • BACK