Description: | Description:
The remote host is missing an update to tomcat5 announced via advisory FEDORA-2007-3456.
Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 7.
References: [ 1 ] Bug #244810 - CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F7] https://bugzilla.redhat.com/show_bug.cgi?id=244810 [ 2 ] Bug #244804 - CVE-2007-2449 tomcat examples jsp XSS https://bugzilla.redhat.com/show_bug.cgi?id=244804 [ 3 ] Bug #247994 - CVE-2007-3386 tomcat host manager xss https://bugzilla.redhat.com/show_bug.cgi?id=247994 [ 4 ] Bug #247972 - CVE-2007-3382 tomcat handling of cookies https://bugzilla.redhat.com/show_bug.cgi?id=247972 [ 5 ] Bug #244803 - CVE-2007-1358 tomcat accept-language xss flaw https://bugzilla.redhat.com/show_bug.cgi?id=244803 [ 6 ] Bug #244808 - CVE-2007-2450 tomcat host manager XSS https://bugzilla.redhat.com/show_bug.cgi?id=244808 [ 7 ] Bug #247976 - CVE-2007-3385 tomcat handling of cookie values https://bugzilla.redhat.com/show_bug.cgi?id=247976 [ 8 ] Bug #253166 - CVE-2007-1355 tomcat XSS in samples https://bugzilla.redhat.com/show_bug.cgi?id=253166
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update tomcat5' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2007-3456
Risk factor : Medium
CVSS Score: 4.3
|