Description: The remote host is missing an update to tomcat5.5 announced via advisory DSA 1447-1.
Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-3382
It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.
CVE-2007-3385
It was discovered that the character sequence \" in cookies was handled incorrectly, which could lead to an information leak.
CVE-2007-3386
It was discovered that the host manager servlet performed insufficient input validation, which could lead to cross-site scripting.
CVE-2007-5342
It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites.
CVE-2007-5461
It was discovered that the WebDAV servlet is vulnerable to absolute path traversal.
For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1.
The old stable distribution (sarge) doesn't contain tomcat5.5.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your tomcat5.5 packages.
Solution: https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201447-1
CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N