Product:
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris

There are five security vulnerabilities in the Tomcat JSP/Servlet container that affect Tomcat 5.5 bundled in Solaris 9 and Solaris 10 and Tomcat 6 bundled in OpenSolaris.
The first vulnerability, Directory Traversal issue (CVE-2008-5515), may allow a remote unprivileged user who provides a specially crafted request to a servlet which is using a RequestDispatcher object to bypass access control and gain access to unauthorized data.
The second vulnerability is a Denial of Service (CVE-2009-0033). A remote unprivileged user who provides specially crafted requests to Tomcat via the AJP (Apache JServ Protocol) connector, when it is used with Apache mod_jk load balancing, may cause a Denial of Service (DoS) of the Tomcat service.
The third vulnerability, bypassing access control (CVE-2009-0580), may allow a remote unprivileged user who provides a specially crafted URL to bypass access control and gain access to unauthorized data when FORM based authentication is used with the MemoryRealm, the DataSourceRealm or JDBCRealm.
The fourth vulnerability, Cross Site Scripting (CVE-2009-0781), may allow a remote unprivileged user who provides a specially crafted HTTP request to the Tomcat example JSP application Calendar to inject arbitrary web script and thus gain access to unauthorized data.
The fifth vulnerability, bypassing access control (CVE-2009-0783), may allow a user who has been granted permission to provide web applications served by the Tomcat instance to view and modify the content of other installed web applications by providing a crafted application.
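As an added audit helper, not part of this advisory or of Sun's or Tomcat's own tooling: it parses a constructed server.xml for AJP connectors (the path through which the DoS in CVE-2009-0033 is reached) and checks whether the example web applications that contain the Calendar JSP named in CVE-2009-0781 are still deployed. The example-app directory names and the webapps path are assumptions.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample server.xml (stock layout with one HTTP and one AJP connector).
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true"/>
    </Engine>
  </Service>
</Server>
"""

# Directory names under the Host appBase where the Tomcat example apps are
# typically deployed (assumed names; verify against the installation audited).
EXAMPLE_APP_DIRS = ("examples", "jsp-examples", "servlets-examples")


def ajp_connector_ports(server_xml: str) -> list:
    """Ports of every Connector with an AJP protocol (absent attribute means HTTP/1.1)."""
    root = ET.fromstring(server_xml)
    return [
        int(c.get("port", "0"))
        for c in root.iter("Connector")
        if c.get("protocol", "HTTP/1.1").upper().startswith("AJP")
    ]


def deployed_example_apps(app_base: str) -> list:
    """Example-app directories that still exist under the Host appBase."""
    return [d for d in EXAMPLE_APP_DIRS if os.path.isdir(os.path.join(app_base, d))]


def audit(server_xml: str, app_base: str) -> list:
    """One finding per exposure; an empty list means nothing was flagged."""
    findings = []
    for port in ajp_connector_ports(server_xml):
        findings.append(f"AJP connector on port {port}: CVE-2009-0033 applies when fronted by mod_jk")
    for app in deployed_example_apps(app_base):
        findings.append(f"example webapp '{app}' still deployed: remove it (CVE-2009-0781 Calendar JSP)")
    return findings


if __name__ == "__main__":  # replace the placeholder path with the real appBase
    print("\n".join(audit(SAMPLE_SERVER_XML, "/path/to/tomcat/webapps")) or "nothing flagged")
```

The AJP finding only says the connector is reachable; whether the DoS applies still depends on mod_jk sitting in front of it, as the advisory states.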
Additional information regarding these issues is available at:
State: Resolved
First released: 09-Jul-2009