Which JDK are you using, and do those vulnerabilities apply to that *specific* 
JDK?

They are all Java vuls, not Tomcat vuls.

                - Peter

> -----Original Message-----
> From: Gozde Aytan [mailto:[EMAIL PROTECTED]
> Sent: 23 October 2008 12:32
> To: users@tomcat.apache.org
> Subject: Tomcat 5.5.26 Vulnerability - Test
>
>  Dear all,
>
> In our project, we are using Tomcat 5.5.26, and it is reported that some vulnerabilities have been found. So, I just want to test our system to see whether these vulnerabilities can be exploited on our side or not. But I do not know how to test. Is there someone who could help me in testing (how to generate) any of the cases below? If at least one of them can be tested and results in failure, that means Tomcat will be upgraded.
>
> Any help will be appreciated.
> Thanks.
>
> 1) An error in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write local files and execute local applications.
>
> 2) An error in the Java Management Extensions (JMX) management agent can be exploited by a JMX client to perform certain unauthorized operations on a system running JMX with local monitoring enabled.
>
> 3) Two errors within the scripting language support in the Java Runtime Environment can be exploited by malicious, untrusted applets to access information from another applet, read and write local files, and execute local applications.
>
> 4) Boundary errors in Java Web Start can be exploited by untrusted Java Web Start applications to cause buffer overflows.
>
> 5) Three errors in Java Web Start can be exploited by untrusted Java Web Start applications to create or delete arbitrary files with the privileges of the user running the untrusted Java Web Start application, or to determine the location of the Java Web Start cache.
>
> 6) An error in the implementation of Secure Static Versioning allows applets to run on an older release of JRE.
>
> 7) Errors in the Java Runtime Environment can be exploited by an untrusted applet to bypass the same origin policy and establish socket connections to certain services running on the local host.
>
> 8) An error in the Java Runtime Environment when processing certain XML data can be exploited to allow unauthorized access to certain URL resources or cause a DoS.
> Successful exploitation requires the JAX-WS client or service in a trusted application to process the malicious XML data.
>
> 9) An error in the Java Runtime Environment when processing certain XML data can be exploited by an untrusted applet or application to gain unauthorized access to certain URL resources.
>
> 10) A boundary error when processing fonts in the Java Runtime Environment can be exploited to cause a buffer overflow.
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
