Steffen Joeris
2008-Aug-10 07:32 UTC
[Secure-testing-team] Bug#494504: CVE-2008-1232/CVE-2008-2370: XSS and directory traversal
Package: tomcat5.5
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tomcat5.5.

CVE-2008-1232[0]:
| Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0
| through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows
| remote attackers to inject arbitrary web script or HTML via a crafted
| string that is used in the message argument to the
| HttpServletResponse.sendError method.

CVE-2008-2370[1]:
| Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0
| through 6.0.16, when a RequestDispatcher is used, performs path
| normalization before removing the query string from the URI, which
| allows remote attackers to conduct directory traversal attacks and
| read arbitrary files via a .. (dot dot) in a request parameter.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

Also see the tomcat5.5 summary page[2].

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
    http://security-tracker.debian.net/tracker/CVE-2008-1232
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
    http://security-tracker.debian.net/tracker/CVE-2008-2370
[2] http://tomcat.apache.org/security-5.html
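The following is an added example, not part of the bug report and not Tomcat's own code. It is a small Python model of the two defects the CVE texts describe, written so that a maintainer can see why the ordering of "normalize path" and "strip query string" matters for CVE-2008-2370, and why the sendError message argument must be HTML-escaped for CVE-2008-1232. The path normalizer, the example URIs and the error-page template are constructed for illustration and are assumptions about container behaviour, not a reproduction of Tomcat's RequestDispatcher or error-report valve.

```python
"""Model of the two tomcat5.5 issues from Bug#494504 (constructed example, not Tomcat code)."""
import html


def normalize_path(path: str) -> str:
    """Collapse '.' and '..' segments the way a container does before mapping
    a path to a resource. The leading '/' is kept and '..' never climbs
    above the application root."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def split_query(uri: str):
    """Return (path, query) where query is None if the URI carries none."""
    path, sep, query = uri.partition("?")
    return path, (query if sep else None)


def resolve_vulnerable(uri: str) -> str:
    """Pre-fix ordering (CVE-2008-2370): normalize the whole URI first, then
    strip the query string. '..' segments that sit inside the query string
    are treated as path segments and walk back over the real path."""
    normalized = normalize_path(uri)
    path, _query = split_query(normalized)
    return path


def resolve_fixed(uri: str) -> str:
    """Fixed ordering: strip the query string first, then normalize only the
    path part, so parameter values cannot influence the resolved path."""
    path, _query = split_query(uri)
    return normalize_path(path)


# Constructed error-page template standing in for the container's error report.
_ERROR_TEMPLATE = "<html><body><h1>HTTP Status {status}</h1><p>{message}</p></body></html>"


def render_error_page_unescaped(status: int, message: str) -> str:
    """Affected behaviour (CVE-2008-1232): the sendError message argument is
    copied into the page verbatim, so markup in it is rendered by the browser."""
    return _ERROR_TEMPLATE.format(status=status, message=message)


def render_error_page_escaped(status: int, message: str) -> str:
    """Corrected behaviour: the message is HTML-escaped before it is embedded,
    so it is displayed as text regardless of what it contains."""
    return _ERROR_TEMPLATE.format(status=status, message=html.escape(message, quote=True))


def message_is_inert(page: str, message: str) -> bool:
    """Defender-side check: True if no raw '<' or '>' from the message survived
    into the rendered page."""
    return not any(ch in page for ch in "<>") or ("&lt;" in page or "&gt;" in page) and message not in page


if __name__ == "__main__":
    # Constructed dispatcher target: the '..' lives in a request parameter, as the CVE text describes.
    uri = "/pages/view.jsp?target=/../../WEB-INF/web.xml"
    print("vulnerable ordering resolves to:", resolve_vulnerable(uri))
    print("fixed ordering resolves to:     ", resolve_fixed(uri))

    msg = "<b>constructed message</b>"
    print("unescaped error page:", render_error_page_unescaped(404, msg))
    print("escaped error page:  ", render_error_page_escaped(404, msg))
```

With the affected ordering the constructed URI resolves to /WEB-INF/web.xml even though the servlet only asked to forward to /pages/view.jsp; with the query string removed first, the resolved path is the one the servlet intended and the parameter value is just data. The same before/after pair for the error page shows the fix for the XSS side: the message text reaches the client either way, but only the escaped version prevents it from being interpreted as markup.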