(RHSA-2007:0876) Moderate: tomcat security update

Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.

Tomcat incorrectly handled “Accept-Language” headers that do not conform to
RFC 2616. An attacker was able to perform cross-site scripting (XSS)
attacks in certain applications (CVE-2007-1358).

Some JSPs within the ‘examples’ web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the ‘examples’ web application not be installed on
a production system.

The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).

Tomcat was found treating single quote characters – ’ – as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character
sequence in a cookie: " (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).

Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.