Mandriva Linux Security Advisory 2014-042 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.
899f987c3224ac9faee7d0f8a77e88d81115d42fecc6807eb47c8c4790da5b05Red Hat Security Advisory 2013-0872-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 and tomcat6 init scripts handled the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been moved to the /var/log/ directory.
199cda86dd71068edbef06de9eb7dc337d73b17a508b1f3cec2cd3be13e4aafbApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 and tomcat7 init scripts handled the tomcat6-initd.log and tomcat7-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root.
0958d0cbed0050a16dec44ed62948999617eca534fb1b54edfe416b90c69c598Red Hat Security Advisory 2013-0870-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file.
73673139e2d79f38abef28de888a48c2d7dfbd4dd4f0af2607af87e6191be149Red Hat Security Advisory 2013-0869-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.
401e4a4f336235be1cf456c5a4ad7081526d207288121b04e31993f2bece5aaf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed