------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#18
------------------------------------------------------------

Name: tomcat
Date: 2007-03-17
Severity: Normal
Warning #: 2007-#18

------------------------------------------------------------

Product Background
===================

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.

Problem Background
===================

* The only character Apache accepts as a directory separator is "/" (slash).
* Tomcat, on the other hand, also accepts "\" (backslash) and its URI-encoded form "%5C" as directory separators, including inside otherwise URI-encoded paths. Because Apache does not treat a segment such as "\.." as a parent-directory reference while Tomcat does, an attacker can use directory traversal techniques: depending on the configuration, HTTP requests containing strings like "/\../" let the attacker break out of the intended context and directory structure.

Impact
==========

If the Apache HTTP Server and Tomcat are configured to interoperate through the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an attacker might be able to break out of the intended destination path, up to the web root of Tomcat.

Problem Packages
===================

Package: tomcat
Repo: extra
Group: network
Unsafe: < 5.2.22
Safe: >= 5.2.22

Package Fix
===================

Upgrade to 5.2.23.

Reference(s)
===================

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
http://www.securityfocus.com/archive/1/462791/30/60/threaded
http://bugs.archlinux.org/task/6616

Contact
===================

JJDaNiMoTh < jjdanimoth AT gmail DOT com>
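The separator mismatch described under "Problem Background" and "Impact" can be demonstrated in a few lines. The following is an added example, not code from the advisory, from Apache or from Tomcat: it models, in simplified form, how Apache canonicalizes a request path (only "/" is a separator) versus how an unfixed Tomcat does (both "/" and "\", after percent-decoding so that "%5C" becomes "\"), and shows that a prefix-based proxy rule evaluated with Apache's rules lets a request through that Tomcat then resolves in a different context. The proxied prefix "/examples/", the target "/manager/html" and the sample requests are constructed for the illustration; the names PROXIED_PREFIX, apache_view, tomcat_view, apache_forwards, context_escape and hardened_forwards are this example's own.

```python
from typing import Optional
from urllib.parse import unquote

# Constructed setup (not from the advisory): the front end proxies only
# this prefix to Tomcat, e.g. via ProxyPass or JkMount. Assumed value.
PROXIED_PREFIX = "/examples/"


def canonicalize(path: str, separators: str) -> Optional[str]:
    """Split `path` on any character in `separators`, resolve "." and ".."
    segments, and rejoin with "/". Returns None if ".." would climb above
    the root, which is as far as the advisory says the traversal reaches."""
    segments, current = [], ""
    for ch in path:
        if ch in separators:
            segments.append(current)
            current = ""
        else:
            current += ch
    segments.append(current)

    resolved = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if not resolved:
                return None
            resolved.pop()
        else:
            resolved.append(seg)
    return "/" + "/".join(resolved)


def apache_view(raw_path: str) -> Optional[str]:
    """Apache (simplified): percent-decode, then treat only "/" as a
    separator, so a segment such as "\\.." is just an odd directory name."""
    return canonicalize(unquote(raw_path), "/")


def tomcat_view(raw_path: str) -> Optional[str]:
    """Unfixed Tomcat (simplified model of the CVE-2007-0450 behaviour):
    percent-decode (so "%5C" becomes "\\") and treat "/" and "\\" alike."""
    return canonicalize(unquote(raw_path), "/\\")


def apache_forwards(raw_path: str, prefix: str = PROXIED_PREFIX) -> bool:
    """The front end's decision for a prefix rule: forward to Tomcat when
    Apache's own canonical path lies under the proxied prefix."""
    canon = apache_view(raw_path)
    return canon is not None and canon.startswith(prefix)


def context_escape(raw_path: str, prefix: str = PROXIED_PREFIX) -> bool:
    """True when Apache would forward the request but Tomcat would resolve
    it outside the proxied prefix: the mismatch the advisory describes."""
    if not apache_forwards(raw_path, prefix):
        return False
    t = tomcat_view(raw_path)
    return t is None or not t.startswith(prefix)


def hardened_forwards(raw_path: str, prefix: str = PROXIED_PREFIX) -> bool:
    """Front-end check that also applies Tomcat's separator rules before
    deciding; a stop-gap in front of an unpatched Tomcat, not a substitute
    for the package upgrade."""
    return apache_forwards(raw_path, prefix) and not context_escape(raw_path, prefix)


if __name__ == "__main__":
    for req in ("/examples/servlets/index.html",
                "/examples/../manager/html",
                "/examples/\\../manager/html",
                "/examples/%5C../manager/html"):
        print(f"{req!r:36} apache={apache_view(req)!r:32} "
              f"tomcat={tomcat_view(req)!r:18} "
              f"forwarded={apache_forwards(req)} escape={context_escape(req)}")
```

The plain "/examples/../manager/html" is harmless, because Apache itself collapses the ".." and the prefix rule no longer matches; the backslash and "%5C" variants pass Apache's check unchanged and are only collapsed by Tomcat, which is why the advisory names mod_proxy, mod_rewrite and mod_jk deployments. On the Apache side the same idea can be applied with a mod_rewrite rule that refuses any request URI containing a backslash or "%5C" before it reaches the proxy rule, but the fix that removes the root cause is the Tomcat upgrade given above.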
_______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
