Re: [Full-disclosure] [ MDVSA-2010:176 ] tomcat5
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [ MDVSA-2010:176 ] tomcat5
- From: "Raj Mathur (राज माथुर)" <raju@xxxxxxxxxxxxxxx>
- Date: Mon, 13 Sep 2010 08:49:14 +0530
On Sunday 12 Sep 2010, security@xxxxxxxxxxxx wrote:
> Package : tomcat5
>
> Multiple vulnerabilities have been found and corrected in tomcat5:
>
> Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0
> through 4.1.36 does not properly handle (1) double quote (")
> characters or (2) \%5C (encoded backslash) sequences in a cookie
> value, which might cause sensitive information such as session IDs
> to be leaked to remote attackers and enable session hijacking
> attacks. NOTE: this issue exists because of an incomplete fix for
> CVE-2007-3385 (CVE-2007-5333).
>
> Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0
> through 6.0.18, and possibly earlier versions normalizes the target
> pathname before filtering the query string when using the
> RequestDispatcher method, which allows remote attackers to bypass
> intended access restrictions and conduct directory traversal attacks
> via .. (dot dot) sequences and the WEB-INF directory in a Request
> (CVE-2008-5515).
Please correct the package name in the vulnerability report.
Regards,
-- Raj
--
Raj Mathur raju@xxxxxxxxxxxxx http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
PsyTrance & Chill: http://schizoid.in/ || It is the mind that moves