Test Kennung:	1.3.6.1.4.1.25623.1.0.100474
Kategorie:	Web Servers
Titel:	Apache Tomcat Multiple Vulnerabilities (Jan 2010)
Zusammenfassung:	Apache Tomcat is prone to a directory traversal vulnerability and to; an authentication-bypass vulnerability.
Beschreibung:	Summary: Apache Tomcat is prone to a directory traversal vulnerability and to an authentication-bypass vulnerability. Vulnerability Impact: Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory or gain unauthorized access to files and directories. Affected Software/OS: Tomcat 5.5.0 through 5.5.28 Tomcat 6.0.0 through 6.0.20 Solution: The vendor has released updates. Please see the references for details. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2901 1023503 http://securitytracker.com/id?1023503 20100124 [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy http://www.securityfocus.com/archive/1/509151/100/0/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 37942 http://www.securityfocus.com/bid/37942 38316 http://secunia.com/advisories/38316 38346 http://secunia.com/advisories/38346 38541 http://secunia.com/advisories/38541 39317 http://secunia.com/advisories/39317 43310 http://secunia.com/advisories/43310 57126 http://secunia.com/advisories/57126 ADV-2010-0213 http://www.vupen.com/english/advisories/2010/0213 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 MDVSA-2010:177 http://www.mandriva.com/security/advisories?name=MDVSA-2010:177 SSRT100029 SSRT100825 SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html USN-899-1 http://ubuntu.com/usn/usn-899-1 [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT4077 http://svn.apache.org/viewvc?rev=892815&view=rev http://svn.apache.org/viewvc?rev=902650&view=rev http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html openSUSE-SU-2012:1700 http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html openSUSE-SU-2012:1701 http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html openSUSE-SU-2013:0147 http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html tomcat-autodeploy-security-bypass(55856) https://exchange.xforce.ibmcloud.com/vulnerabilities/55856 Common Vulnerability Exposure (CVE) ID: CVE-2009-2902 1023504 http://securitytracker.com/id?1023504 20100124 [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory http://www.securityfocus.com/archive/1/509150/100/0/threaded 37945 http://www.securityfocus.com/bid/37945 38687 http://secunia.com/advisories/38687 40330 http://secunia.com/advisories/40330 40813 http://secunia.com/advisories/40813 ADV-2010-1559 http://www.vupen.com/english/advisories/2010/1559 ADV-2010-1986 http://www.vupen.com/english/advisories/2010/1986 DSA-2207 http://www.debian.org/security/2011/dsa-2207 HPSBUX02541 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113 HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 RHSA-2010:0119 http://www.redhat.com/support/errata/RHSA-2010-0119.html RHSA-2010:0580 http://www.redhat.com/support/errata/RHSA-2010-0580.html RHSA-2010:0582 http://www.redhat.com/support/errata/RHSA-2010-0582.html SSRT100145 SSRT101146 apache-tomcat-war-directory-traversal(55857) https://exchange.xforce.ibmcloud.com/vulnerabilities/55857 oval:org.mitre.oval:def:19431 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431 oval:org.mitre.oval:def:7092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092 Common Vulnerability Exposure (CVE) ID: CVE-2009-2693 BugTraq ID: 37944 http://www.securityfocus.com/bid/37944 Bugtraq: 20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration (Google Search) http://www.securityfocus.com/archive/1/509148/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) Debian Security Information: DSA-2207 (Google Search) HPdes Security Advisory: HPSBMA02535 HPdes Security Advisory: HPSBOV02762 HPdes Security Advisory: HPSBST02955 HPdes Security Advisory: HPSBUX02541 HPdes Security Advisory: HPSBUX02860 HPdes Security Advisory: SSRT100029 HPdes Security Advisory: SSRT100145 HPdes Security Advisory: SSRT100825 HPdes Security Advisory: SSRT101146 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017 http://securitytracker.com/id?1023505 SuSE Security Announcement: SUSE-SR:2010:008 (Google Search) SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search) SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search) SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search) XForce ISS Database: tomcat-war-directory-traversal(55855) https://exchange.xforce.ibmcloud.com/vulnerabilities/55855
Copyright	Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.