Oval Definition:oval:org.mitre.oval:def:23165
Revision Date:2014-05-26Version:13
Title:ELSA-2013:0870: tomcat5 security update (Important)
Description:The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2013-1976
ELSA-2013:0870-00
Platform(s):Oracle Linux 5
Product(s):tomcat5
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5 is earlier than 0:5.5.23-0jpp.40.el5_9
  • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
    • BACK