Test Kennung:	1.3.6.1.4.1.25623.1.0.121315
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 201412-29
Zusammenfassung:	Gentoo Linux Local Security Checks GLSA 201412-29
Beschreibung:	Summary: Gentoo Linux Local Security Checks GLSA 201412-29 Vulnerability Insight: Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2733 BugTraq ID: 56402 http://www.securityfocus.com/bid/56402 HPdes Security Advisory: HPSBMU02873 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 HPdes Security Advisory: SSRT101182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218 http://www.securitytracker.com/id?1027729 http://secunia.com/advisories/51371 http://secunia.com/advisories/57126 SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://www.ubuntu.com/usn/USN-1637-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3544 BugTraq ID: 59797 http://www.securityfocus.com/bid/59797 BugTraq ID: 64758 http://www.securityfocus.com/bid/64758 Bugtraq: 20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded http://seclists.org/fulldisclosure/2014/Dec/23 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E http://www.ubuntu.com/usn/USN-1841-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3546 1027833 http://www.securitytracker.com/id?1027833 20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html 51984 http://secunia.com/advisories/51984 52054 http://secunia.com/advisories/52054 56812 http://www.securityfocus.com/bid/56812 57126 HPSBMU02873 HPSBST02955 HPSBUX02866 RHSA-2013:0004 http://rhn.redhat.com/errata/RHSA-2013-0004.html RHSA-2013:0005 http://rhn.redhat.com/errata/RHSA-2013-0005.html RHSA-2013:0146 http://rhn.redhat.com/errata/RHSA-2013-0146.html RHSA-2013:0147 http://rhn.redhat.com/errata/RHSA-2013-0147.html RHSA-2013:0151 http://rhn.redhat.com/errata/RHSA-2013-0151.html RHSA-2013:0157 http://rhn.redhat.com/errata/RHSA-2013-0157.html RHSA-2013:0158 http://rhn.redhat.com/errata/RHSA-2013-0158.html RHSA-2013:0162 http://rhn.redhat.com/errata/RHSA-2013-0162.html RHSA-2013:0163 http://rhn.redhat.com/errata/RHSA-2013-0163.html RHSA-2013:0164 http://rhn.redhat.com/errata/RHSA-2013-0164.html RHSA-2013:0191 http://rhn.redhat.com/errata/RHSA-2013-0191.html RHSA-2013:0192 http://rhn.redhat.com/errata/RHSA-2013-0192.html RHSA-2013:0193 http://rhn.redhat.com/errata/RHSA-2013-0193.html RHSA-2013:0194 http://rhn.redhat.com/errata/RHSA-2013-0194.html RHSA-2013:0195 http://rhn.redhat.com/errata/RHSA-2013-0195.html RHSA-2013:0196 http://rhn.redhat.com/errata/RHSA-2013-0196.html RHSA-2013:0197 http://rhn.redhat.com/errata/RHSA-2013-0197.html RHSA-2013:0198 http://rhn.redhat.com/errata/RHSA-2013-0198.html RHSA-2013:0221 http://rhn.redhat.com/errata/RHSA-2013-0221.html RHSA-2013:0235 http://rhn.redhat.com/errata/RHSA-2013-0235.html RHSA-2013:0623 http://rhn.redhat.com/errata/RHSA-2013-0623.html RHSA-2013:0640 http://rhn.redhat.com/errata/RHSA-2013-0640.html RHSA-2013:0641 http://rhn.redhat.com/errata/RHSA-2013-0641.html RHSA-2013:0642 http://rhn.redhat.com/errata/RHSA-2013-0642.html SSRT101139 SSRT101182 USN-1685-1 http://www.ubuntu.com/usn/USN-1685-1 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892 http://svn.apache.org/viewvc?view=revision&revision=1377892 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html openSUSE-SU-2012:1700 openSUSE-SU-2012:1701 openSUSE-SU-2013:0147 oval:org.mitre.oval:def:19305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305 Common Vulnerability Exposure (CVE) ID: CVE-2012-4431 BugTraq ID: 56814 http://www.securityfocus.com/bid/56814 Bugtraq: 20121204 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541 RedHat Security Advisories: RHSA-2013:0267 http://rhn.redhat.com/errata/RHSA-2013-0267.html RedHat Security Advisories: RHSA-2013:0268 http://rhn.redhat.com/errata/RHSA-2013-0268.html RedHat Security Advisories: RHSA-2013:0647 http://rhn.redhat.com/errata/RHSA-2013-0647.html RedHat Security Advisories: RHSA-2013:0648 http://rhn.redhat.com/errata/RHSA-2013-0648.html RedHat Security Advisories: RHSA-2013:1437 http://rhn.redhat.com/errata/RHSA-2013-1437.html RedHat Security Advisories: RHSA-2013:1853 http://rhn.redhat.com/errata/RHSA-2013-1853.html http://www.securitytracker.com/id?1027834 SuSE Security Announcement: openSUSE-SU-2013:0161 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html SuSE Security Announcement: openSUSE-SU-2013:0192 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4534 1027836 http://www.securitytracker.com/id?1027836 20121204 CVE-2012-4534 Apache Tomcat denial of service http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html 56813 http://www.securityfocus.com/bid/56813 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218 http://svn.apache.org/viewvc?view=revision&revision=1340218 https://issues.apache.org/bugzilla/show_bug.cgi?id=52858 openSUSE-SU-2013:0161 openSUSE-SU-2013:0170 http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html openSUSE-SU-2013:0192 oval:org.mitre.oval:def:19398 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398 Common Vulnerability Exposure (CVE) ID: CVE-2012-5885 BugTraq ID: 56403 http://www.securityfocus.com/bid/56403 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT101146 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432 RedHat Security Advisories: RHSA-2013:0623 RedHat Security Advisories: RHSA-2013:0629 http://rhn.redhat.com/errata/RHSA-2013-0629.html RedHat Security Advisories: RHSA-2013:0631 http://rhn.redhat.com/errata/RHSA-2013-0631.html RedHat Security Advisories: RHSA-2013:0632 http://rhn.redhat.com/errata/RHSA-2013-0632.html RedHat Security Advisories: RHSA-2013:0633 http://rhn.redhat.com/errata/RHSA-2013-0633.html RedHat Security Advisories: RHSA-2013:0640 RedHat Security Advisories: RHSA-2013:0726 http://rhn.redhat.com/errata/RHSA-2013-0726.html XForce ISS Database: tomcat-replay-security-bypass(80408) https://exchange.xforce.ibmcloud.com/vulnerabilities/80408 Common Vulnerability Exposure (CVE) ID: CVE-2012-5886 XForce ISS Database: tomcat-http-Digest-security-bypass(80407) https://exchange.xforce.ibmcloud.com/vulnerabilities/80407 Common Vulnerability Exposure (CVE) ID: CVE-2012-5887 XForce ISS Database: tomcat-digest-security-bypass(79809) https://exchange.xforce.ibmcloud.com/vulnerabilities/79809 Common Vulnerability Exposure (CVE) ID: CVE-2013-2067 BugTraq ID: 59799 http://www.securityfocus.com/bid/59799 Bugtraq: 20130510 [SECURITY] CVE-2013-2067 Session fixation with FORM authenticator (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html RedHat Security Advisories: RHSA-2013:0833 http://rhn.redhat.com/errata/RHSA-2013-0833.html RedHat Security Advisories: RHSA-2013:0834 http://rhn.redhat.com/errata/RHSA-2013-0834.html RedHat Security Advisories: RHSA-2013:0839 http://rhn.redhat.com/errata/RHSA-2013-0839.html RedHat Security Advisories: RHSA-2013:0964 http://rhn.redhat.com/errata/RHSA-2013-0964.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2071 BugTraq ID: 59798 http://www.securityfocus.com/bid/59798 Bugtraq: 20130510 CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-05/0040.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html HPdes Security Advisory: HPSBMU02966 http://marc.info/?l=bugtraq&m=139344248911289&w=2 SuSE Security Announcement: openSUSE-SU-2013:1306 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4286 BugTraq ID: 65773 http://www.securityfocus.com/bid/65773 Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 HPdes Security Advisory: HPSBOV03503 http://marc.info/?l=bugtraq&m=144498216801440&w=2 HPdes Security Advisory: HPSBUX03150 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:052 RedHat Security Advisories: RHSA-2014:0343 http://rhn.redhat.com/errata/RHSA-2014-0343.html RedHat Security Advisories: RHSA-2014:0344 http://rhn.redhat.com/errata/RHSA-2014-0344.html RedHat Security Advisories: RHSA-2014:0345 http://rhn.redhat.com/errata/RHSA-2014-0345.html RedHat Security Advisories: RHSA-2014:0686 https://rhn.redhat.com/errata/RHSA-2014-0686.html http://secunia.com/advisories/57675 http://secunia.com/advisories/59036 http://secunia.com/advisories/59675 http://secunia.com/advisories/59722 http://secunia.com/advisories/59724 http://secunia.com/advisories/59733 http://secunia.com/advisories/59873 http://www.ubuntu.com/usn/USN-2130-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4322 BugTraq ID: 65767 http://www.securityfocus.com/bid/65767 http://www.mandriva.com/security/advisories?name=MDVSA-2015:084 Common Vulnerability Exposure (CVE) ID: CVE-2013-4590 BugTraq ID: 65768 http://www.securityfocus.com/bid/65768 Common Vulnerability Exposure (CVE) ID: CVE-2014-0033 BugTraq ID: 65769 http://www.securityfocus.com/bid/65769 Common Vulnerability Exposure (CVE) ID: CVE-2014-0050 BugTraq ID: 65400 http://www.securityfocus.com/bid/65400 Bugtraq: 20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library (Google Search) http://www.securityfocus.com/archive/1/532549/100/0/threaded Debian Security Information: DSA-2856 (Google Search) http://www.debian.org/security/2014/dsa-2856 https://security.gentoo.org/glsa/202107-39 HPdes Security Advisory: HPSBGN03329 http://marc.info/?l=bugtraq&m=143136844732487&w=2 http://jvn.jp/en/jp/JVN14876762/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E RedHat Security Advisories: RHSA-2014:0252 http://rhn.redhat.com/errata/RHSA-2014-0252.html RedHat Security Advisories: RHSA-2014:0253 http://rhn.redhat.com/errata/RHSA-2014-0253.html RedHat Security Advisories: RHSA-2014:0400 http://rhn.redhat.com/errata/RHSA-2014-0400.html http://secunia.com/advisories/57915 http://secunia.com/advisories/58075 http://secunia.com/advisories/58976 http://secunia.com/advisories/59039 http://secunia.com/advisories/59041 http://secunia.com/advisories/59183 http://secunia.com/advisories/59184 http://secunia.com/advisories/59185 http://secunia.com/advisories/59187 http://secunia.com/advisories/59232 http://secunia.com/advisories/59399 http://secunia.com/advisories/59492 http://secunia.com/advisories/59500 http://secunia.com/advisories/59725 http://secunia.com/advisories/60475 http://secunia.com/advisories/60753 Common Vulnerability Exposure (CVE) ID: CVE-2014-0075 BugTraq ID: 67671 http://www.securityfocus.com/bid/67671 Debian Security Information: DSA-3447 (Google Search) http://www.debian.org/security/2016/dsa-3447 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html HPdes Security Advisory: HPSBUX03102 http://marc.info/?l=bugtraq&m=141017844705317&w=2 HPdes Security Advisory: SSRT101681 http://www.mandriva.com/security/advisories?name=MDVSA-2015:053 https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html http://secunia.com/advisories/59121 http://secunia.com/advisories/59616 http://secunia.com/advisories/59678 http://secunia.com/advisories/59732 http://secunia.com/advisories/59835 http://secunia.com/advisories/59849 http://secunia.com/advisories/60729 http://secunia.com/advisories/60793 Common Vulnerability Exposure (CVE) ID: CVE-2014-0096 BugTraq ID: 67667 http://www.securityfocus.com/bid/67667 Debian Security Information: DSA-3552 (Google Search) http://www.debian.org/security/2016/dsa-3552 http://seclists.org/fulldisclosure/2014/May/135 http://www.securitytracker.com/id/1030301 Common Vulnerability Exposure (CVE) ID: CVE-2014-0099 BugTraq ID: 67668 http://www.securityfocus.com/bid/67668 Bugtraq: 20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure (Google Search) http://www.securityfocus.com/archive/1/532221/100/0/threaded Bugtraq: 20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure (Google Search) http://www.securityfocus.com/archive/1/532218/100/0/threaded http://seclists.org/fulldisclosure/2014/May/140 http://seclists.org/fulldisclosure/2014/May/138 http://www.securitytracker.com/id/1030302 Common Vulnerability Exposure (CVE) ID: CVE-2014-0119 BugTraq ID: 67669 http://www.securityfocus.com/bid/67669 http://seclists.org/fulldisclosure/2014/May/141 http://www.securitytracker.com/id/1030298 http://www.ubuntu.com/usn/USN-2654-1
Copyright	Copyright (C) 2015 Eero Volotinen

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.