
Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

From: Moritz Muehlenhoff <jmm(at)inutil.org>
Date: Sun Jan 13 2008 - 17:33:20 EST


<chdh@inventec.ch> wrote:
>> AccessControlException: access denied ... logging.properties read
>
> This is a consequence of the patch of /etc/tomcat5.5/policy.d/03catalina.policy
> for CVE-2007-5342 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342).

Indeed. The tomcat5.5-webapps package hasn't been adapted, since it's for examples and documentation and not for production use. There were also some other security problems found in these example apps, which weren't addressed either.

Cheers,

        Moritz

Received on Sun Jan 13 17:34:42 2008

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:13 EDT

