Multiple vulnerabilities have been found and corrected in tomcat5:
Directory traversal vulnerability in Apache Tomcat 5.5.0 through
5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or
overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,
as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and
6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase
files that remain from a failed undeploy, which might allow remote
Tomcat 6.0.0 to 6.0.20
The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be
affected.
Description:
When deploying WAR files, the WAR files were not checked for directory
traversal attempts. This allows an attacker to create arbitrary content
outside of the web root.
Mitigation:
6.0.x users should upgrade to 6.0.24 or apply this patch:
Debian-specific: no
CVE ID : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227
Various vulnerabilities have been discovered in the Tomcat Servlet and
JSP engine, resulting in denial of service, cross-site scripting,
information disclosure and WAR file traversal. Further details on the
individual security issues can be found at
http://tomcat.apache.org/security-5.html.
For the oldstable distribution (lenny), this problem has been fixed in
version 5.5.26-5lenny2.
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Tomcat did not correctly validate WAR filenames or
paths when deploying. A remote attacker could send a specially crafted WAR
file to be deployed and cause arbitrary files and directories to be
created, overwritten, or deleted.
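The check that was missing in the affected versions is a validation of each WAR entry name before it is written below the application directory. The following is an added example, not Tomcat's own code or the vendor patch: it scans a WAR (a ZIP archive) and reports every entry that would land outside the deployment directory, rejecting absolute paths, drive letters and any `..` segment, and then confirms the resolved path as a second line of defence. The `app_dir` path and the sample WAR (which reproduces the `../../bin/catalina.bat` entry quoted in the advisories) are constructed for the example.

```python
import io
import os
import zipfile


def is_unsafe_entry(name: str) -> bool:
    """True if a WAR/ZIP entry name could escape the deployment directory.

    Backslashes are normalised first because Tomcat also runs on Windows,
    where '..\\' is as dangerous as '../'. Absolute paths, drive letters
    and any '..' path segment are rejected outright.
    """
    normalised = name.replace("\\", "/")
    if normalised.startswith("/"):
        return True
    if len(normalised) > 1 and normalised[1] == ":":  # e.g. C:/...
        return True
    return ".." in normalised.split("/")


def resolves_outside(root: str, name: str) -> bool:
    """Defence in depth: resolve the final path and confirm it stays under root."""
    root_abs = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_abs, name.replace("\\", "/")))
    return os.path.commonpath([root_abs, target]) != root_abs


def unsafe_war_entries(war_bytes: bytes,
                       app_dir: str = "/var/lib/tomcat/webapps/app") -> list:
    """Return every entry in the WAR that would be written outside app_dir.

    app_dir is a placeholder deployment directory for the example; a real
    deployer would pass the appBase subdirectory it is about to expand into.
    """
    bad = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for info in war.infolist():
            name = info.filename
            if is_unsafe_entry(name) or resolves_outside(app_dir, name):
                bad.append(name)
    return bad


def build_sample_war() -> bytes:
    """Constructed sample WAR: two legitimate entries plus three traversal
    entries (the catalina.bat path from the advisories, a backslash variant
    and an absolute path). Contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("index.jsp", "<%= 1 %>")
        war.writestr("../../bin/catalina.bat", "rem placeholder")
        war.writestr("..\\..\\conf\\tomcat-users.xml", "<tomcat-users/>")
        war.writestr("/etc/passwd", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # A deployer should refuse the whole archive if this list is non-empty.
    for entry in unsafe_war_entries(build_sample_war()):
        print("rejected entry:", entry)
```

Rejecting the archive as a whole, rather than skipping the offending entries, is the safer policy: a WAR that contains such entries is not something a deployer should partially install.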
The specific flaw exists within the VRTSweb.exe Web Server component
which listens by default on TCP ports 8181, 8443, and 14300. The process
fails to properly validate an authentication request made to port 14300.
By providing a specific request an attacker can bypass the
authentication and instruct the process to unpack and execute data
within an arbitrary WAR file. This can be leveraged to execute arbitrary
code under the context of the SYSTEM user.
-- Vendor Response:
Symantec has issued an update to correct this vulnerability. More
details can be found at:
Tomcat 6.0.0 to 6.0.20
The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be
affected.
Description:
When deploying WAR files, the WAR file names were not checked for
directory traversal attempts. This allows an attacker to cause the
deletion of the current contents of the host's work directory which may
cause problems for currently running applications.
Mitigation:
applications via a crafted application that is loaded earlier than
the target application (CVE-2009-0783).