HP Security Bulletin HPSBST02955 2 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 2 of this advisory.
89e81c1ac8b82e8cd63e41150737cbd9
HP Security Bulletin HPSBST02955 - Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.
2c9338f86cc4928d8dbc40a966e7becf
CA's support is alerting customers to a security risk with CA Service Desk r12.1. The release of Tomcat as included with CA Service Desk r12.1 is potentially susceptible to a cross-site scripting vulnerability.
1e036fb07d36c1056abf8b550e0b1e10
VMware Security Advisory - Update for VirtualCenter updates the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
0e7bda8c8e798cc84f69686f39b48135
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
1dd7e90e5dc309f630820d66164b337f
The WiKID Strong Authentication server has released an update for the Tomcat server associated with this software. It updates Tomcat to 5.5.27 to address a large amount of vulnerabilities.
57f0357096f8c3981243635a2028021d
Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues.
fa0a6a8003587117a6311ddf437cc6f1
Debian Security Advisory 1593-1 - It was discovered that the Host Manager web application performed insufficient input sanitizing, which could lead to cross-site scripting.
a3cfa2d865fad8c5d975bdf87a2b9796
Tomcat versions 5.5.9 through 5.5.26 and versions 6.0.0 through 6.0.16 suffer from a host-manager cross site scripting vulnerability.
e6e6eeb089bf09dc0ef016da95861796