Product: Solaris 9 Operating System, Solaris 10 Operating System
There are several vulnerabilities in the Tomcat JSP/Servlet container
which affect Tomcat 4.0 bundled in Solaris 10 and Solaris 9.

These issues may allow a remote or local unprivileged user to cause
a denial of service (DoS), inject arbitrary web script or HTML via
Cross-Site Scripting (XSS) attempts, read arbitrary files and
source code from the server, or obtain the installation path and
other sensitive information.

Additional information regarding these issues is available at:

* Apache Tomcat 4.x vulnerabilities:
  http://tomcat.apache.org/security-4.html

* CVE-2002-1148 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148

* CVE-2002-1394 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394

* CVE-2002-2006 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006

* CVE-2003-0866 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866

* CVE-2005-2090 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090

* CVE-2005-3164 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164

* CVE-2005-3510 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510

* CVE-2006-3835 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835

* CVE-2007-0450 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450

* CVE-2007-1355 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355

* CVE-2007-1358 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358

* CVE-2007-2450 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450

* CVE-2007-5461 at:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461

State: Resolved
First released: 30-Jun-2008

Trackback URL: http://blogs.sun.com/security/entry/sun_alert_239312_security_vulnerabilities