Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2009:1454
HistorySep 21, 2009 - 12:00 a.m.

(RHSA-2009:1454) Important: tomcat5 security update

2009-09-2100:00:00
access.redhat.com
20

EPSS

0.971

Percentile

99.8%

JSON

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that Tomcat does not properly handle a certain character
and character sequence in cookie values. A remote attacker could use this
flaw to obtain sensitive information, such as session IDs, and then use
this information for session hijacking attacks. (CVE-2007-5333)

Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: With this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the “/etc/tomcat5/catalina.properties” file:

org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false

It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)

A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)

It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)

It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5noarchtomcat5-webapps< 5.5.23-0jpp.9.6.ep5.el5tomcat5-webapps-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5-admin-webapps< 5.5.23-0jpp.9.6.ep5.el5tomcat5-admin-webapps-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5< 5.5.23-0jpp.9.6.ep5.el5tomcat5-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5-servlet-2.4-api< 5.5.23-0jpp.9.6.ep5.el5tomcat5-servlet-2.4-api-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5-jasper-javadoc< 5.5.23-0jpp.9.6.ep5.el5tomcat5-jasper-javadoc-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5-server-lib< 5.5.23-0jpp.9.6.ep5.el5tomcat5-server-lib-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5-jsp-2.0-api< 5.5.23-0jpp.9.6.ep5.el5tomcat5-jsp-2.0-api-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5noarchtomcat5-jasper< 5.5.23-0jpp.9.6.ep5.el5tomcat5-jasper-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
RedHat5srctomcat5< 5.5.23-0jpp.9.6.ep5.el5tomcat5-5.5.23-0jpp.9.6.ep5.el5.src.rpm
RedHat5noarchtomcat5-servlet-2.4-api-javadoc< 5.5.23-0jpp.9.6.ep5.el5tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.6.ep5.el5.noarch.rpm
Rows per page:
1-10 of 121

Related

nessus 44
openvas 55
redhat 7
securityvulns 11
oraclelinux 1
centos 1
tomcat 7
fedora 6
ubuntu 1
altlinux 2
debian 1
seebug 3
jvn 3
prion 6
osv 6
github 6
cve 6
veracode 5
nvd 6
packetstorm 2
ubuntucve 6
cvelist 6
exploitdb 2
metasploit 1
d2 1
debiancve 1
ibm 1
gentoo 2
nessus
nessus
RHEL 4 : tomcat in Satellite Server (RHSA-2009:1617)
2010-01-10 00:00:00
RHEL 4 : tomcat in Satellite Server (RHSA-2009:1616)
2010-01-10 00:00:00
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1563
2009-11-11 00:00:00
RedHat Security Advisory RHSA-2009:1563
2009-11-11 00:00:00
Apache Tomcat Multiple Vulnerabilities (Jun 2009)
2009-06-16 00:00:00
redhat
redhat
(RHSA-2009:1616) Low: tomcat security update for Red Hat Network Satellite Server
2009-11-30 00:00:00
(RHSA-2009:1563) Important: tomcat security update
2009-11-09 00:00:00
(RHSA-2009:1506) Important: tomcat6 security update
2009-10-14 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2009-06-14 00:00:00
HP Performance Manager multiple security vulnerabilities
2010-05-20 00:00:00
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;
2010-05-20 00:00:00
oraclelinux
oraclelinux
tomcat security update
2009-07-21 00:00:00
centos
centos
tomcat5 security update
2009-07-29 17:30:22
tomcat
tomcat
Fixed in Apache Tomcat 4.1.40
2008-12-12 00:00:00
Fixed in Apache Tomcat 5.5.28
2009-09-04 00:00:00
Fixed in Apache Tomcat 6.0.20
2009-06-03 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: tomcat6-6.0.20-1.fc12
2009-11-27 21:50:49
[SECURITY] Fedora 10 Update: tomcat6-6.0.20-1.fc10
2009-11-27 21:56:48
[SECURITY] Fedora 11 Update: tomcat6-6.0.20-1.fc11
2009-11-27 21:36:22
ubuntu
ubuntu
Tomcat vulnerabilities
2009-06-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.27-alt4_7.4jpp5
2010-03-19 00:00:00
Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.18-alt6_8jpp5
2010-01-14 00:00:00
debian
debian
[SECURITY] [DSA 2207-1] tomcat5.5 security update
2011-03-29 22:35:34
seebug
seebug
Apache Tomcat Java AJP连接器无效头拒绝服务漏洞
2009-06-05 00:00:00
Apache Tomcat表单认证用户名枚举漏洞
2009-06-05 00:00:00
Apache Tomcat XML解析器非授权文件读写漏洞
2009-06-09 00:00:00
jvn
jvn
JVN#87272440: Apache Tomcat denial of service (DoS) vulnerability
2009-06-09 00:00:00
JVN#63832775: Apache Tomcat information disclosure vulnerability
2009-06-09 00:00:00
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
prion
prion
Design/Logic Flaw
2009-06-05 16:00:00
Directory traversal
2009-06-16 21:00:00
Authentication flaw
2009-06-05 16:00:00
osv
osv
Apache Tomcat Denial of Service via Malformed Request Headers
2022-05-02 03:12:29
Exposure of Sensitive Information in Apache Tomcat
2022-05-02 03:16:43
Directory Traversal in Apache Tomcat
2022-05-14 01:17:23
github
github
Apache Tomcat Denial of Service via Malformed Request Headers
2022-05-02 03:12:29
Directory Traversal in Apache Tomcat
2022-05-14 01:17:23
Exposure of Sensitive Information in Apache Tomcat
2022-05-02 03:16:43
cve
cve
CVE-2009-0033
2009-06-05 16:00:00
CVE-2009-0580
2009-06-05 16:00:00
CVE-2008-5515
2009-06-16 21:00:00
veracode
veracode
Directory Traversal
2018-11-09 02:57:46
Denial Of Service (DoS)
2019-03-25 08:40:42
Information Disclosure
2018-11-09 03:18:48
nvd
nvd
CVE-2008-5515
2009-06-16 21:00:00
CVE-2009-0033
2009-06-05 16:00:00
CVE-2009-0580
2009-06-05 16:00:00
packetstorm
packetstorm
Apache Tomcat Information Disclosure
2009-06-09 00:00:00
Apache Tomcat User Enumeration
2024-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2008-5515
2009-06-16 00:00:00
CVE-2009-0033
2009-06-05 00:00:00
CVE-2009-0580
2009-06-05 00:00:00
cvelist
cvelist
CVE-2008-5515
2009-06-16 20:26:00
CVE-2009-0033
2009-06-05 15:25:00
CVE-2009-0580
2009-06-05 15:25:00
exploitdb
exploitdb
Apache Tomcat 6.0.18 - Form Authentication Existing/Non-Existing &#039;Username&#039; Enumeration
2009-06-03 00:00:00
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
metasploit
metasploit
Apache Tomcat User Enumeration
2010-07-08 23:34:50
d2
d2
DSquare Exploit Pack: D2SEC_TOMCAT_ENUMUSER
2009-06-05 16:00:00
debiancve
debiancve
CVE-2011-2481
2011-08-15 21:55:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00

EPSS

0.971

Percentile

99.8%

JSON
Related for RHSA-2009:1454
nessus44openvas55redhat7securityvulns11oraclelinux1centos1tomcat7fedora6ubuntu1altlinux2debian1seebug3jvn3prion6osv6github6cve6veracode5nvd6packetstorm2ubuntucve6cvelist6exploitdb2metasploit1d21debiancve1ibm1gentoo2