Family: Debian Local Security Checks --> Category: infos
[DSA170] DSA-170-1 tomcat4 Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A security vulnerability has been found in all Tomcat 4.x releases.
This problem allows an attacker to use a specially crafted URL to
return the unprocessed source code of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraints, without the need for being properly
This problem has been fixed in version 4.0.3-3woody1 for the current
stable distribution (woody) and in version 4.1.12-1 for the unstable
release (sid). The old stable release (potato) does not contain
tomcat packages. Also, packages for tomcat3 are not vulnerable to
We recommend that you upgrade your tomcat package immediately.
Solution : http://www.debian.org/security/2002/dsa-170
Threat Level: High