The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 239312 Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System
There are several vulnerabilities in the Tomcat JSP/Servlet container
which affect Tomcat 4.0 bundled in Solaris 10 and Solaris 9.

These issues may allow a remote or local unprivileged user to cause
a denial of service (DoS), inject arbitrary web script or HTML via
Cross-Site Scripting (XSS) attempts, read arbitrary files and
source code from the server, or obtain the installation path and
other sensitive information.

Additional information regarding these issues is available at:

* Apache Tomcat 4.x vulnerabilities: http://tomcat.apache.org/security-4.html
* CVE-2002-1148 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148
* CVE-2002-1394 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394
* CVE-2002-2006 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006
* CVE-2003-0866 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866
* CVE-2005-2090 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
* CVE-2005-3164 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164
* CVE-2005-3510 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510
* CVE-2006-3835 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835
* CVE-2007-0450 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
* CVE-2007-1355 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
* CVE-2007-1358 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
* CVE-2007-2450 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
* CVE-2007-5461 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461

State: Resolved
First released: 30-Jun-2008
