Solution: Apache Tomcat 5.5.x:
Update to version 5.5.27.
Apache Tomcat 4.1.x:
Update to version 4.1.39.
Provided and/or discovered by: 1) The vendor credits Konstantin Kolinko.
2) The vendor credits Stefano Di Paola of Minded Security Research Labs.
3) Simon Ryeo
Changelog: 2008-08-12: Added vulnerability #3 to the advisory. Updated credits, "Solution", and "Original Advisory" sections.
2008-08-20: Added link to US-CERT.
2008-09-10: Updated "Solution" with version information about 5.5.x.
2008-12-19: Updated "Solution" section with version information about 4.1.x.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.