Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 13 Jan 2008 23:33:20 +0100
Message-id: <[🔎] slrnfol4dg.8dn.jmm@inutil.org>
References: <20080103215449.GA12756@galadriel.inutil.org> <[🔎] 1199525586.8906.7.camel@localhost> <[🔎] 64ac5984-da1f-4825-8035-49aac7235b8a@v29g2000hsf.googlegroups.com>

<chdh@inventec.ch> wrote:
>> AccessControlException: access denied ... logging.properties read
>
> This is a consequence of the patch of /etc/tomcat5.5/policy.d/
> 03catalina.policy for CVE-2007-5342 (http://cve.mitre.org/cgi-bin/
> cvename.cgi?name=CVE-2007-5342).

Indeed. The tomcat5.5-webapps package hasn't been adapted, since
it's for examples and documentation and not for production use.
There were also some other security problems found in these example
apps, which weren't addressed either.

Cheers,
        Moritz

Reply to:

References:
- Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: Nihil <nihil@nanihil.com>
- Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: chdh <chdh@inventec.ch>

Prev by Date: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Next by Date: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Previous by thread: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Next by thread: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Index(es):
- Date
- Thread