=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN081
_____________________________________________________________________

DATE                      : 08/02/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Apache Tomcat versions 7, 6, 5
                               prior to 7.0.8, 6.0.31, 5.5.32.

======================================================================
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
- ---------------------------------------------------------------------

Fixed in Apache Tomcat 7.0.8 (released 5 Feb 2011)

    Note: The issue below was fixed in Apache Tomcat 7.0.7 but the
release vote for the 7.0.7 release candidate did not pass. Therefore,
although users must download 7.0.8 to obtain a version that includes
a fix for this issue, version 7.0.7 is not included in the list of
affected versions.

    Important: Remote Denial Of Service CVE-2011-0534

    The NIO connector expands its buffer endlessly during request line
processing. That behaviour can be used for a denial of service attack
using a carefully crafted request.

    This was fixed in revision 1065939.

    This was identified by the Tomcat security team on 27 Jan 2011 and
made public on 5 Feb 2011.

    Affects: 7.0.0-7.0.6
_______________________________________________________________________

Fixed in Apache Tomcat 6.0.32 	released 03 Feb 2011

    Note: The issue below was fixed in Apache Tomcat 6.0.31 but the release
vote for the 6.0.31 release candidate did not pass. Therefore,
although users must download 6.0.32 to obtain a version that includes
a fix for this issue, version 6.0.31 is not included in the list of
affected versions.

    Important: Remote Denial Of Service CVE-2011-0534

    The NIO connector expands its buffer endlessly during request
line processing. That behaviour can be used for a denial of service
attack using a carefully crafted request.

    This was fixed in revision 1066313.

    This was identified by the Tomcat security team on 27 Jan 2011
and made public on 5 Feb 2011.

    Affects: 6.0.0-6.0.30
________________________________________________________________________

Fixed in Apache Tomcat 5.5.32 	released 1 Feb 2011

    low: Cross-site scripting CVE-2011-0013

    The HTML Manager interface displayed web applciation provided data,
such as display names, without filtering. A malicious web application
could trigger script execution by an administartive user when viewing
the manager pages.

    This was fixed in revision 1057518.

    This was identified by the Tomcat security team on 12 Nov 2010
and made public on 5 Feb 2011.

    Affects: 5.5.0-5.5.31

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================