Bug#494504: CVE-2008-1232/CVE-2008-2370: XSS and directory traversal

Steffen Joeris steffen.joeris at skolelinux.de
Sun Aug 10 07:32:44 UTC 2008


Package: tomcat5.5
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tomcat5.5.

CVE-2008-1232[0]:
| Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0
| through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows
| remote attackers to inject arbitrary web script or HTML via a crafted
| string that is used in the message argument to the
| HttpServletResponse.sendError method.

CVE-2008-2370[1]:
| Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0
| through 6.0.16, when a RequestDispatcher is used, performs path
| normalization before removing the query string from the URI, which
| allows remote attackers to conduct directory traversal attacks and
| read arbitrary files via a .. (dot dot) in a request parameter.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

Also see the tomcat5.5 summary page[2].

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
    http://security-tracker.debian.net/tracker/CVE-2008-1232
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
    http://security-tracker.debian.net/tracker/CVE-2008-2370
[2] http://tomcat.apache.org/security-5.html
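Both CVEs above are ordering and encoding mistakes rather than exotic bugs, so the following added Python example (not part of the bug report, and not Tomcat's own code) models them in a few lines as a maintainer might when writing regression checks for a fix. The path functions are a constructed simplification of a servlet container's request-dispatcher path handling: `resolve_vulnerable` normalizes the URI before the query string is removed, which is the CVE-2008-2370 defect, while `resolve_fixed` strips the query string first and then refuses targets under the container's private directories. `render_error_page` shows the CVE-2008-1232 side: an error message reflected into the error page must be HTML-escaped before it is written. All function names, the sample URI and the sample message are constructed for this illustration.

```python
"""Constructed illustration of the two tomcat5.5 defects named in this bug.

Not Tomcat source: a minimal model of (a) normalizing a URI before vs. after
removing its query string and (b) escaping the sendError() message.
"""
import html
from typing import Optional

# Directories a servlet container must never serve or dispatch to directly.
PRIVATE_PREFIXES = ("/WEB-INF/", "/META-INF/")


def normalize(path: str) -> Optional[str]:
    """Collapse '.' and '..' segments of an absolute URI path.

    Returns None when '..' would climb above the root; a real container
    treats that as an invalid path rather than silently clamping it.
    """
    stack = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                return None
            stack.pop()
        else:
            stack.append(seg)
    return "/" + "/".join(stack)


def strip_query(uri: str) -> str:
    """Return the path part of a request URI, dropping any '?query'."""
    path, _sep, _query = uri.partition("?")
    return path


def resolve_vulnerable(uri: str) -> Optional[str]:
    """Defective order (the CVE-2008-2370 pattern): normalize the whole URI,
    query string included, and only then strip the query.  '..' segments
    inside a parameter value therefore rewrite the dispatch target."""
    normalized = normalize(uri)
    if normalized is None:
        return None
    return strip_query(normalized)


def is_private(path: Optional[str]) -> bool:
    """True if the path is invalid or points into a container-private directory."""
    if path is None:
        return True
    upper = path.upper() + "/"
    return any(upper.startswith(p) for p in PRIVATE_PREFIXES)


def resolve_fixed(uri: str) -> Optional[str]:
    """Corrected order: remove the query string first, normalize the remaining
    path, and reject anything that resolves into a private directory."""
    path = normalize(strip_query(uri))
    if is_private(path):
        return None
    return path


def render_error_page(status: int, message: str) -> str:
    """Build an error page body from a sendError(status, message) call.

    The message is attacker-influenced in the CVE-2008-1232 scenario, so it is
    HTML-escaped (including quotes) before being placed in element content."""
    safe = html.escape(message, quote=True)
    return (
        "<html><head><title>HTTP Status {0}</title></head>"
        "<body><h1>HTTP Status {0}</h1><p>{1}</p></body></html>"
    ).format(status, safe)


if __name__ == "__main__":
    # Constructed sample request: '..' segments live only in a parameter value.
    sample_uri = "/app/view?path=/../../WEB-INF/web.xml"
    print("vulnerable order ->", resolve_vulnerable(sample_uri))  # /WEB-INF/web.xml
    print("fixed order      ->", resolve_fixed(sample_uri))       # /app/view
    # Constructed sample message for the error page.
    print(render_error_page(404, "<script>alert('x')</script>"))
```

The point a reviewer of the fix should check is the order of the two calls in `resolve_fixed`: once the query string is gone, `normalize` sees only the path the application actually dispatches to, and the private-directory check catches any remaining attempt to reach `/WEB-INF/` or `/META-INF/` through a legitimately traversable path.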
