Security Information / 2011 / Security Information -- DSA-2207-1 tomcat5.5

Debian Security Advisory

DSA-2207-1 tomcat5.5 -- several vulnerabilities

Date Reported:

30 Mar 2011

Affected Packages:

tomcat5.5

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227.

More information:

Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found on the Apache Tomcat 5 vulnerabilities page.

For the oldstable distribution (lenny), this problem has been fixed in version 5.5.26-5lenny2.

The stable distribution (squeeze) no longer contains tomcat5.5. tomcat6 is already fixed.

The unstable distribution (sid) no longer contains tomcat5.5. tomcat6 is already fixed.

We recommend that you upgrade your tomcat5.5 packages.