Bug 146022 - [security] www/tomcat6, www/tomcat55 information disclosure
Summary: [security] www/tomcat6, www/tomcat55 information disclosure
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Alex Dupre
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-24 21:50 UTC by niels
Modified: 2010-08-20 23:00 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description niels freebsd_committer 2010-04-24 21:50:03 UTC
From the security advsory:

Low: Information disclosure in authentication headers   CVE-2010-1157

The WWW-Authenticate HTTP header for BASIC and DIGEST authentication includes a realm name. If a <realm-name> element is specified for the application in web.xml it will be used. However, a <realm-name> is not specified then Tomcat will generate realm name using the code snippet request.getServerName() + ":" + request.getServerPort(). In some circumstances this can expose the local host name or IP address of the machine running Tomcat. 


Can you update the ports or add the patch? 
Thanks!

Fix: 

Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540
Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541
How-To-Repeat: N/A
Comment 1 dfilter service freebsd_committer 2010-04-24 22:15:07 UTC
niels       2010-04-24 21:14:58 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti
  
  PR:             ports/146021
  PR:             ports/146022
  Approved by:    remko (secteam)
  Security:       http://seclists.org/bugtraq/2010/Apr/200
  Security:       http://docs.moodle.org/en/Moodle_1.9.8_release_notes
  Security:       http://www.bonsai-sec.com/en/research/vulnerability.php
  
  Revision  Changes    Path
  1.2146    +95 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2010-06-03 02:26:56 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

The vuXML patch has been committed, but the two tomcat ports still need 
updating.  Assign this the to maintainer of tomcat6 with a Cc: to the 
maintainer of tomcat55.
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2010-08-20 22:33:33 UTC
State Changed
From-To: open->closed

Now OBE by later commits to tomcat55 and tomcat6.
Comment 4 Jason 2010-08-20 22:54:57 UTC
It looks like this vulnerability was covered in the latest update of
tomcat55 with PR ports/148611, as the tomcat version is not affected per the
CVE.

http://seclists.org/bugtraq/2010/Apr/200

Affects version of tomcat 5.5.0 to 5.5.29

Tomcat version is now at 5.5.30

-jgh

-- 
Jason Helfman