Description
Fixed in Apache Tomcat 4.1.37:
-
important: Information disclosure CVE-2005-3164
If a client specifies a Content-Length but disconnects before sending any of the request body, the deprecated AJP connector processes the request using the request body of the previous request. Users are advised to use the default, supported Coyote AJP connector which does not exhibit this issue. -
moderate: Cross-site scripting CVE-2007-1355
The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output. -
low: Cross-site scripting CVE-2007-2449
JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. -
low: Cross-site scripting CVE-2007-2450
The Manager web application did not escape user provided data before including it in the output. This enabled a XSS attack. This applciation now filters the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed. -
low: Session hi-jacking CVE-2007-3382
Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker. -
low: Cross-site scripting CVE-2007-3383
When reporting error messages, the SendMailServlet (part of the examples web application) did not escape user provided data before including it in the output. This enabled a XSS attack. This Servlet now filters the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. -
low: Session hi-jacking CVE-2007-3385
Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker. -
low: Session hi-jacking CVE-2007-5333
The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. -
low: Information disclosure CVE-2007-5461
When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned to the client.
Affected Apache Tomcat version (4.1.0 - 4.1.36).
Remediation
Upgrade Apache Tomcat to the latest version.
References
Related Vulnerabilities
WordPress Plugin WP Subscribe Cross-Site Scripting (1.0.2)
VMware vCenter vcavbootstrap Arbitrary File Read
PHP Resource Management Errors Vulnerability (CVE-2011-1657)
WordPress Plugin Duplicate Page and Post SQL Injection (2.5.6)
WordPress Plugin GN Publisher: Google News Compatible RSS Feeds Cross-Site Scripting (1.5.5)