Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to manipulate certain data or to disclose sensitive information.

1) An error exists within the native (APR based) connector when handling SSL requests. This can be exploited to trigger the duplicate processing of a recent request by connecting to the SSL port and disconnecting without sending data.

The vulnerability is reported in versions 5.5.11 to 5.5.25, and 6.0.0 to 6.0.15.

2) Input containing a quote or a %5C character in cookie values is incorrectly handled in an unspecified way, which can be exploited to disclose sensitive information including session IDs.

This is related to:
SA26466

The vulnerability is reported in versions 5.5.0 to 5.5.25, and 6.0.0 to 6.0.14.

Solution
Update to version 5.5.26 or 6.0.16.

Provided and/or discovered by
1) The vendor credits System Core.
2) Yoshihiro Ishikawa, LAC

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://seclists.org/bugtraq/2008/Feb/0099.html

LAC:
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/97_e.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers