CVE-2007-5333 – Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
https://notcve.org/view.php?id=CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. Apache Tomcat 6.0.0 hasta 6.0.14, 5.5.0 hasta 5.5.25, 4.1.36 y 4.1.0 al no manejar adecuadamente secuencias (1) caracteres de dobles comillas (") o (2) secuencias de contrabarra codificadas %5C en un valor de cookie, podría provocar que información sensible como los IDs de sesión sean filtradas a atacantes remotos, así como habilitar ataques de secuestro de sesión. NOTA: este problema existe debido a una arreglo erroneo de CVE-2007-3385. • https://www.exploit-db.com/exploits/31130 http://jvn.jp/jp/JVN%2309470767/index.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/28878 http://secunia.com/advisories/28884 http://secunia.com/advisories/28915 http://se • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-0128 – tomcat5 SSO cookie login information disclosure
https://notcve.org/view.php?id=CVE-2008-0128
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. El valor SingleSignOn (org.apache.catalina.authenticator.SingleSignOn) en Apache Tomcat anterior a 5.5.21 no asigna la bandera segura para la cookie JSESSIONIDSSO en una sesión http, haciéndolo más fácil para atacantes remotos para capturar esta cookie. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/28549 http://secunia.com/advisories/28552 http://secunia.com/advisories/29242 http://secunia.com/advisories/31493 http://secunia.com/advisories/33668 http://security-tracker.debian.net/tracker/CVE- • CWE-16: Configuration •
CVE-2007-5342 – Apache Tomcat's default security policy is too open
https://notcve.org/view.php?id=CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. La catalina.policy por defecto en el componente de acceso JULI de Apache Tomcat 5.5.9 hasta 5.5.25 y 6.0.0 hasta 6.0.15 no restringe determinados permisos para aplicaciones web, lo cual permite a atacantes remotos modificar opciones de configuración de acceso y sobrescribir ficheros de su elección, como se demuestra cambiando los atributos (1) level, (2) directory, y (3) prefix en el gestor org.apache.juli.FileHandler. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://osvdb.org/39833 http://secunia.com/advisories/28274 http://secunia.com/advisories/28317 http://secunia.com/advisories/28915 http://secunia.com/advisories/29313 http://secunia.com/advisories/29711 http://secunia.com/advisories/30676 http://secunia.com/advisories/32120 http: • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5461 – Apache Tomcat - WebDAV SSL Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versión 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versión 5.5.25 y 6.0.0 hasta la versión 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una petición de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM. • https://www.exploit-db.com/exploits/4552 https://www.exploit-db.com/exploits/4530 http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html http://issues.apache.org/jira/browse/GERONIMO-3549 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-s • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-4724
https://notcve.org/view.php?id=CVE-2007-4724
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cal2.jsp en la aplicación de ejemplos de calendario de Apache Tomcat 4.1.31 permite a atacantes remotos añadir eventos como usuarios de su elección mediante los parámetros time y description. • http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html http://osvdb.org/41029 http://securityreason.com/securityalert/3094 http://www.securityfocus.com/archive/1/478491/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •