LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: August 25th, 2014
Linux Advisory Watch: August 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1048-1: Tomcat vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that Tomcat did not properly escape certain parameters inthe Manager application which could result in browsers becoming vulnerableto cross-site scripting attacks when processing the output. With cross-sitescripting vulnerabilities, if a user were tricked into viewing serveroutput during a crafted server request, a remote attacker could exploit [More...]
===========================================================
Ubuntu Security Notice USN-1048-1          January 24, 2011
tomcat6 vulnerability
CVE-2010-4172
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  tomcat6-admin                   6.0.20-2ubuntu2.3

Ubuntu 10.04 LTS:
  tomcat6-admin                   6.0.24-2ubuntu1.6

Ubuntu 10.10:
  tomcat6-admin                   6.0.28-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.3.diff.gz
      Size/MD5:    27239 0cc20bab1a9b311bdebf30b7906a19a7
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.3.dsc
      Size/MD5:     2204 34fb37d15fe193f6def5becb76b0dbaf
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20.orig.tar.gz
      Size/MD5:  3590562 44f49e7e14028b6a53c3c346bd18c72f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:   247424 a14215f5c3cb7ac653b68f16053b945d
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:   183264 4b6b468e0f349e856f56d599573c1600
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:  2914890 6007d0180bd5bfd7430cee707dd60336
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:    39086 c6667d042139ff18b6ce16a4a7d136f9
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:    36804 cf0938f04b4264bbb828eb038d6a2f7b
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:   480290 9963984b5b9af8ca130cfd714d7be6b9
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:   419290 4ac9738375f53bf57ba4a00dad5c234a
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:    21918 b2f4ab22cfa41f0f3a16af0eb75355ff
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.3_all.deb
      Size/MD5:    26318 1a1de7f4532d0b13c778d9d9c181fe74

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz
      Size/MD5:    32782 d369c0e8ab9ef06c320a74ba10c5e361
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.6.dsc
      Size/MD5:     2405 2ee1921228239791f5aab04bc2bf6c48
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24.orig.tar.gz
      Size/MD5:  3262568 0bc48af723d6fee31e404434b3744f66

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:   255532 3e126e0a1561b296d78e5713c42b6196
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:   190776 82973dee7e623299449cced7e3bafd50
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:  3008498 cfc272e2ad4ae852f0507d2ada8f0ad8
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:    42094 19948285f4a71219c5f4683f8b4707a8
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:    46300 bff1f177657f45b5de8f9a6b4b875bd9
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:   509958 95aacb34a537e9c8f80cc0b6c20272c6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:   157790 4e30309eb658f3e0d272d7a80afe3ddd
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:    25402 c4b54a4b984665b2a8ba0f7aaf49f6f6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.6_all.deb
      Size/MD5:    31424 376f9f72e7ed8b763bf9ad9bd5845003

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.1.debian.tar.gz
      Size/MD5:    34180 9a58889c9a818f3932ab3fb06e07a0c2
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.1.dsc
      Size/MD5:     2360 b88dde12cb761f398c6cb2848a68d5ca
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28.orig.tar.gz
      Size/MD5:  3114279 c3d696609054be07a55c14a7de1b8ddf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:   247884 76667eab1aea739baa2f6e94bf77922a
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:   191520 5a00687018dd7bc449d003a0183e32ac
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:  3025018 77ef8e9a0eb75bd69c1425f3633ae88e
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:    42388 41a06ce99f6d62589b2bf9ed2d015759
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:    47302 91d28d83c8c1ef5f39f517882b01151e
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:   513714 141ddd468004ffc97660ab49f2b7e6f9
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:   160756 1878b3c23e566f3c5478ea5dc783fd80
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:    25938 9484ebad8612001220014e38807e9359
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.1_all.deb
      Size/MD5:    32822 93254c4418a7645582196bea71a3aff6




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.