{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Apache Tomcat version 4.1.37 et versions ant\u00e9rieures ;","product":{"name":"Tomcat","vendor":{"name":"Apache","scada":false}}},{"description":"Apache Tomcat version 6.0.16 et versions ant\u00e9rieures.","product":{"name":"Tomcat","vendor":{"name":"Apache","scada":false}}},{"description":"Apache Tomcat version 5.5.26 et versions ant\u00e9rieures ;","product":{"name":"Tomcat","vendor":{"name":"Apache","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les versions , et d'Apache\nTomcat :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une mauvaise gestion des\n    arguments pass\u00e9s \u00e0 la fonction  \n    HttpServletResponse.sendError(). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\n    exploit\u00e9e afin de r\u00e9aliser une attaque par injection de code\n    indirecte (Cross Site Scripting) ;\n-   la seconde vuln\u00e9rabilit\u00e9 permet d'atteindre des ressources en acc\u00e8s\n    restreint.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-1232","url":"https://www.cve.org/CVERecord?id=CVE-2008-1232"},{"name":"CVE-2008-2370","url":"https://www.cve.org/CVERecord?id=CVE-2008-2370"},{"name":"CVE-2008-1947","url":"https://www.cve.org/CVERecord?id=CVE-2008-1947"}],"links":[{"title":"Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2008-8130 du 16    septembre 2008 :","url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Suse SUSE-SR:2008:018 du 19 septembre    2008 :","url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Suse SUSE-SR:2008:014 du 04 juillet    2008 :","url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"},{"title":"Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2008-7977 du 11    septembre 2008 :","url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0648 du 27 ao\u00fbt 2008    :","url":"http://rhn.redhat.com/errata/RHSA-2008-0648.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1593 du 09 juin 2008 :","url":"http://www.debian.org/security/2008/dsa-1593"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2008:188 du 05    septembre 2008 :","url":"http://www.mandriva.com/archives/security/advisories"},{"title":"Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2008-8113 du 16    septembre 2008 :","url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"}],"reference":"CERTA-2008-AVI-392","revisions":[{"description":"version initiale.","revision_date":"2008-08-07T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux distributions Linux.","revision_date":"2008-10-06T00:00:00.000000"}],"risks":[{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur web <span\nclass=\"textit\">Apache Tomcat</span>. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre\nexploit\u00e9es afin de contourner la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat","vendor_advisories":[{"published_at":null,"title":"Bulletins de mise \u00e0 jour Apache Tomcat","url":"http://tomcat.apache.org/security-6.html"}]}