ELSA-2009-1164

Опубликовано: 21 июл. 2009

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2009-1164: tomcat security update (IMPORTANT)

[5.5.23-0jpp.7.2]

Actually add the patch files this time Resolves: rhbz#427779 Resolves: rhbz#504758 Resolves: rhbz#503980 Resolves: rhbz#504162

[5.5.23-0jpp.7.2]

add patch for CVE-2007-5333 Resolves: rhbz#427779
add patch for CVE-2008-5515 Resolves: rhbz#504758
add patch for CVE-2009-0033
add patch for CVE-2009-0580 Resolves: rhbz#503980
add patch for CVE-2009-0783 Resolves: rhbz#504162

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

tomcat5

5.5.23-0jpp.7.el5_3.2

tomcat5-admin-webapps

5.5.23-0jpp.7.el5_3.2

tomcat5-common-lib

5.5.23-0jpp.7.el5_3.2

tomcat5-jasper

5.5.23-0jpp.7.el5_3.2

tomcat5-jasper-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-jsp-2.0-api

5.5.23-0jpp.7.el5_3.2

tomcat5-jsp-2.0-api-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-server-lib

5.5.23-0jpp.7.el5_3.2

tomcat5-servlet-2.4-api

5.5.23-0jpp.7.el5_3.2

tomcat5-servlet-2.4-api-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-webapps

5.5.23-0jpp.7.el5_3.2

Oracle Linux x86_64

tomcat5

5.5.23-0jpp.7.el5_3.2

tomcat5-admin-webapps

5.5.23-0jpp.7.el5_3.2

tomcat5-common-lib

5.5.23-0jpp.7.el5_3.2

tomcat5-jasper

5.5.23-0jpp.7.el5_3.2

tomcat5-jasper-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-jsp-2.0-api

5.5.23-0jpp.7.el5_3.2

tomcat5-jsp-2.0-api-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-server-lib

5.5.23-0jpp.7.el5_3.2

tomcat5-servlet-2.4-api

5.5.23-0jpp.7.el5_3.2

tomcat5-servlet-2.4-api-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-webapps

5.5.23-0jpp.7.el5_3.2

Oracle Linux i386

tomcat5

5.5.23-0jpp.7.el5_3.2

tomcat5-admin-webapps

5.5.23-0jpp.7.el5_3.2

tomcat5-common-lib

5.5.23-0jpp.7.el5_3.2

tomcat5-jasper

5.5.23-0jpp.7.el5_3.2

tomcat5-jasper-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-jsp-2.0-api

5.5.23-0jpp.7.el5_3.2

tomcat5-jsp-2.0-api-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-server-lib

5.5.23-0jpp.7.el5_3.2

tomcat5-servlet-2.4-api

5.5.23-0jpp.7.el5_3.2

tomcat5-servlet-2.4-api-javadoc

5.5.23-0jpp.7.el5_3.2

tomcat5-webapps

5.5.23-0jpp.7.el5_3.2

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2009-0783

CVSS3: 4.2

ubuntu

около 16 лет назад

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.