sdkp2-tomcat5Security update for Tomcat 5Security update for Tomcat 5Two old but not yet fixed security issues in tomcat5 were
spotted and are fixed by this update:
CVE-2006-3835: Apache Tomcat 5 before 5.5.17 allows remote
attackers to list directories via a semicolon (;) preceding
a filename with a mapped extension, as demonstrated by URLs
ending with /;index.jsp and /;help.do.
Cross-site scripting (XSS) vulnerability in certain
applications using Apache Tomcat allowed remote attackers
to inject arbitrary web script or HTML via crafted
"Accept-Language headers that do not conform to RFC 2616".
These issues were rated "low" by the Apache Tomcat team.
Two old but not yet fixed security issues in tomcat5 were
spotted and are fixed by this update:
CVE-2006-3835: Apache Tomcat 5 before 5.5.17 allows remote
attackers to list directories via a semicolon (;) preceding
a filename with a mapped extension, as demonstrated by URLs
ending with /;index.jsp and /;help.do.
Cross-site scripting (XSS) vulnerability in certain
applications using Apache Tomcat allowed remote attackers
to inject arbitrary web script or HTML via crafted
"Accept-Language headers that do not conform to RFC 2616".
These issues were rated "low" by the Apache Tomcat team.
securitytomcat5noarch971736e7e3878571965eb4fc257bba3609981c82tomcat5-admin-webappsnoarch43db1fae06a4b6971a8a074622f41f207490005ftomcat5-webappsnoarchc02eb8bf4a58b16923d173268eca867d3a1b5f56