[USN-788-1] Tomcat vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jun 15 15:22:27 UTC 2009


===========================================================
Ubuntu Security Notice USN-788-1              June 15, 2009
tomcat6 vulnerabilities
CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,
CVE-2009-0783
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libtomcat6-java                 6.0.18-0ubuntu3.2
  tomcat6-examples                6.0.18-0ubuntu3.2

Ubuntu 9.04:
  libtomcat6-java                 6.0.18-0ubuntu6.1
  tomcat6-examples                6.0.18-0ubuntu6.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Iida Minehiko discovered that Tomcat did not properly normalise paths. A
remote attacker could send specially crafted requests to the server and
bypass security restrictions, gaining access to sensitive content.
(CVE-2008-5515)

Yoshihito Fukuyama discovered that Tomcat did not properly handle errors
when the Java AJP connector and mod_jk load balancing are used. A remote
attacker could send specially crafted requests containing invalid headers
to the server and cause a temporary denial of service. (CVE-2009-0033)

D. Matscheko and T. Hackner discovered that Tomcat did not properly handle
malformed URL encoding of passwords when FORM authentication is used. A
remote attacker could exploit this in order to enumerate valid usernames.
(CVE-2009-0580)

Deniz Cevik discovered that Tomcat did not properly escape certain
parameters in the example calendar application which could result in
browsers becoming vulnerable to cross-site scripting attacks when
processing the output. With cross-site scripting vulnerabilities, if a user
were tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data (such as passwords), within the same domain.
(CVE-2009-0781)

Philippe Prados discovered that Tomcat allowed web applications to replace
the XML parser used by other web applications. Local users could exploit
this to bypass security restrictions and gain access to certain sensitive
files. (CVE-2009-0783)


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz
      Size/MD5:    22010 87c6105cd78ea5a8dbf62054fc4ba0aa
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc
      Size/MD5:     1378 823c008ffc927c0f3f5686fc6f5188d0
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:   174164 dd24331b2709bd6641b4055d0b052eae
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:  2961944 63c8c3e0300ed70a240b79ddd3299efb
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:    37370 b9b1bd6dc9cfb52107811295401c09e4
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:    53488 5006e5c394ec815f6d36c335d9f0abaf
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:   714516 768cacbb74453b1a2a49e55d61b7bedd
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:   419180 0663de0611fb9792d44aebad8aa24cc4
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:    18612 95544319007f1f90321469c5d314c72e
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb
      Size/MD5:    24156 9f4d7a0671e9330ff2fa1a1c13a20c58

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz
      Size/MD5:    24779 221e0f51259495fd01da2a6b67358b17
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc
      Size/MD5:     1411 e3bac3c39b2e6db3267699a533b17add
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:   246196 54e990e7893923b8b6df4bcce9f3ba22
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:   172500 abf989790a45def65d5de9a7f9b010df
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:  2846254 c1c0180751500ce58c51b97de9f2d6d9
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:    37874 e7d401faba215af22ecff31b4a675fad
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:    53184 194153ab21adac9a47baaf92ea8d2acb
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:   714212 d52e9abc75108a8f059346e09d47b511
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:   418316 3a7110c9da4bd72a7019cbb75651da73
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:    20520 ea5e54c91e7055e281d61e63f0e140f2
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb
      Size/MD5:    24952 ec80f910d6c8e606c090ba8dd737bc4c


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20090615/d7b1db87/attachment.sig>


More information about the ubuntu-security-announce mailing list