Which JDK are you using, and do those vulnerabilities apply to that *specific* JDK?
They are all Java vuls, not Tomcat vuls.

- Peter

> -----Original Message-----
> From: Gozde Aytan [mailto:[EMAIL PROTECTED]
> Sent: 23 October 2008 12:32
> To: users@tomcat.apache.org
> Subject: Tomcat 5.5.26 Vulnerability - Test
>
> Dear all,
>
> In our project, we are using Tomcat 5.5.26 and as it is reported that some
> vulnerabilities have been found. So, I just want to test our system if these
> vulnerabilities are exploited in our side or not. But I do not know how to
> test? Is there someone else who could help me in testing (how to generate)
> any of the following cases below? If at least one of them can be tested and
> resulted failure, that means Tomcat will be upgraded.
>
> Any help will be appreciated.
> Thanks.
>
> 1) An error in the Java Runtime Environment Virtual Machine can be exploited
> by a malicious, untrusted applet to read and write local files and execute
> local applications.
>
> 2) An error in the Java Management Extensions (JMX) management agent can be
> exploited by a JMX client to perform certain unauthorized operations on a
> system running JMX with local monitoring enabled.
>
> 3) Two errors within the scripting language support in the Java Runtime
> Environment can be exploited by malicious, untrusted applets to access
> information from another applet, read and write local files, and execute
> local applications.
>
> 4) Boundary errors in Java Web Start can be exploited by an untrusted Java
> Web Start applications to cause buffer overflows.
>
> 5) Three errors in Java Web Start can be exploited by an untrusted Java Web
> Start applications to create or delete arbitrary files with the privileges
> of the user running the untrusted Java Web Start application, or to
> determine the location of the Java Web Start cache.
>
> 6) An error in the implementation of Secure Static Versioning allows applets
> to run on an older release of JRE.
>
> 7) Errors in the Java Runtime Environment can be exploited by an untrusted
> applet to bypass the same origin policy and establish socket connections to
> certain services running on the local host.
>
> 8) An error in the Java Runtime Environment when processing certain XML data
> can be exploited to allow unauthorized access to certain URL resources or
> cause a DoS.
> Successful exploitation requires the JAX-WS client or service in a trusted
> application to process the malicious XML data.
>
> 9) An error in the Java Runtime Environment when processing certain XML data
> can be exploited by an untrusted applet or application to gain unauthorized
> access to certain URL resources.
>
> 10) A boundary error when processing fonts in the Java Runtime Environment
> can be exploited to cause a buffer overflow.