tomcat6-6.0.24-57.AXS4

エラータID: AXSA:2013-491:04

Release date: 
Monday, June 24, 2013 - 21:51
Subject: 
tomcat6-6.0.24-57.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Asianux Server 4 for ppc
Severity: 
High
Description: 

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.

Security issues fixed with this release:

• CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Solution: 

Update packages.

CVEs: 
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.


Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat6-6.0.24-57.AXS4.src.rpm
    MD5: e8a187845d2df08e7123e0d6d6a0f367
    SHA-256: da7b0fcd219ad69fd9183f5dde74c297abb607e7ef38dcd3f563df63ed77101a
    Size: 3.36 MB

Asianux Server 4 for x86
  1. tomcat6-6.0.24-57.AXS4.noarch.rpm
    MD5: 9283e7896938261e45daea34115b10e9
    SHA-256: 79581847d38d696dbb85981069a0eae6cc86c9b672c8fc6c5bb4a8aaac3fc576
    Size: 88.57 kB
  2. tomcat6-el-2.1-api-6.0.24-57.AXS4.noarch.rpm
    MD5: 97256e6e6bcda485fa5ec7c264c81468
    SHA-256: afa1bbb1dc600a1867a08d0ece91951678bfb4767c99f4bdc008265a7f4f32dd
    Size: 44.52 kB
  3. tomcat6-jsp-2.1-api-6.0.24-57.AXS4.noarch.rpm
    MD5: ee922414d125fafd57984e03cd9eafd5
    SHA-256: 19ea5f65d409c975e194214830e015cd1e2a1c991a12798418558b73a4069ed9
    Size: 81.42 kB
  4. tomcat6-lib-6.0.24-57.AXS4.noarch.rpm
    MD5: 1897e16d47b2009bbe224cb718d4c82e
    SHA-256: ccbc9501fe66ba62546d54fee1a9974f9c8509d33e5904ab5f4321f3ad74c0a9
    Size: 2.82 MB
  5. tomcat6-servlet-2.5-api-6.0.24-57.AXS4.noarch.rpm
    MD5: 864323be2eddcd2d4be3dc2e8e072067
    SHA-256: 40ec1850685ade4f03f6e663b165e36111b013f9278cd361ee2347947d667dc7
    Size: 95.30 kB

Asianux Server 4 for x86_64
  1. tomcat6-6.0.24-57.AXS4.noarch.rpm
    MD5: f72df37101a7e14ff2446082318b70ce
    SHA-256: 3032c9a10dd60b27ac905102cfbf87c5d02ca6198b6d1e82ff3f38a774bdde1f
    Size: 88.11 kB
  2. tomcat6-el-2.1-api-6.0.24-57.AXS4.noarch.rpm
    MD5: 26acdd626031fd73beec39441ece15b1
    SHA-256: 41d7ff9c7544ef1f3332beaf7a7d359fec069ba5f40f5e104f196dca94beea30
    Size: 44.07 kB
  3. tomcat6-jsp-2.1-api-6.0.24-57.AXS4.noarch.rpm
    MD5: a24e5c2e23ba2c28f45c480634a2137c
    SHA-256: 7f5373d3fafe8859bcfb409dbe001a00fdd0c81ec7ce3b968901147c781d1dd9
    Size: 80.97 kB
  4. tomcat6-lib-6.0.24-57.AXS4.noarch.rpm
    MD5: 2266c3fe0d4190f379a883736c57e02e
    SHA-256: 6018119752632e2179954b729131abdc630bf0c9f97a02cac2b5d49038a79e7e
    Size: 2.82 MB
  5. tomcat6-servlet-2.5-api-6.0.24-57.AXS4.noarch.rpm
    MD5: d4f63d10932302af401451f5dec29ce9
    SHA-256: 7da89530c2c4a1e478f0e8c2c46eaf0006cf7279c88e0cb40b3962ecb53e183c
    Size: 94.85 kB