Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.
c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65VMware Security Advisory - Updated Tomcat and JRE security updates have been issued for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1.
d70ad50277bcd17773dae218bfe21840a7f7e10fd23649fa024d2109224a5aa9Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in Tomcat 5. These issues include directory traversal, cross site scripting, and information disclosure flaws.
fc928971bbba5d3ec38a4c957bde2d5e37d0286c0cd61065975c4ce864e7e40aHP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
85ce851efccb71b60d9f0e47f9402e4ce2d6740afac5c78fc233d8379f869bc3Gentoo Linux Security Advisory GLSA 200705-03 - Tomcat allows special characters like slash, backslash or URL-encoded backslash as a separator, while Apache does not. Versions less than 5.5.22 are affected.
af5ff8f4aba2e8e66a38f61809dad3fef6df6019b9e4b4050eaf522de529babcSEC Consult Security Advisory 20070314-0 - If the Apache HTTP Server and Tomcat are configured to interoperate with the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an attacker might be able to break out of the intended destination path up to the webroot in Tomcat.
ae0accd7dd41279f8531f981d7995776526f842a5d6e404b34ae2a7019a86a97
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed