USN-899-1: Tomcat vulnerabilities


 
Old 02-11-2010

Referenced CVEs:
CVE-2009-2693, CVE-2009-2901, CVE-2009-2902


Description:
===========================================================
Ubuntu Security Notice USN-899-1          February 11, 2010
tomcat6 vulnerabilities
CVE-2009-2693, CVE-2009-2901, CVE-2009-2902
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libtomcat6-java                 6.0.18-0ubuntu3.3

Ubuntu 9.04:
  libtomcat6-java                 6.0.18-0ubuntu6.2

Ubuntu 9.10:
  libtomcat6-java                 6.0.20-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Tomcat did not correctly validate WAR filenames or
paths when deploying. A remote attacker could send a specially crafted WAR
file to be deployed and cause arbitrary files and directories to be created,
overwritten, or deleted.
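
As an added illustration (not code from the advisory, from Ubuntu, or from Tomcat), the following Python check flags a WAR file name or an archive entry path that would resolve outside the intended deployment directory before the archive is handed to a deployer. The directory `/srv/webapps/app` and all function names are assumptions, and the sample archive is constructed in memory.

```python
import io
import posixpath
import zipfile

DEPLOY_DIR = "/srv/webapps/app"  # assumed deployment directory (hypothetical)


def war_filename_ok(filename):
    """Accept only a plain '<name>.war' with no directory parts or '..'."""
    name = filename.replace("\\", "/")
    return (
        name.lower().endswith(".war")
        and len(name) > len(".war")
        and "/" not in name
        and ".." not in name  # conservative: also rejects names like 'a..b.war'
    )


def unsafe_war_entries(war_bytes, deploy_dir=DEPLOY_DIR):
    """Return archive entry names that would land outside deploy_dir."""
    root = posixpath.normpath(deploy_dir)
    flagged = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            # Treat backslashes as separators, then resolve '.' and '..'.
            rel = entry.replace("\\", "/")
            target = posixpath.normpath(posixpath.join(root, rel))
            if target != root and not target.startswith(root + "/"):
                flagged.append(entry)
    return flagged


def build_sample_war():
    """Constructed in-memory archive: two benign entries, two that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for entry in ("WEB-INF/web.xml", "docs/../index.jsp",
                      "../../tmp/evil.jsp", "/etc/cron.d/job"):
            war.writestr(entry, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    print(unsafe_war_entries(build_sample_war()))
    print(war_filename_ok("shop.war"), war_filename_ok("../../shop.war"))
```

A check like this complements the package upgrade listed above; it does not replace it.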




