English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.58826
Kategorie:FreeBSD Local Security Checks
Titel:FreeBSD Ports: apache-tomcat
Zusammenfassung:The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

apache-tomcat
tomcat
jakarta-tomcat

CVE-2005-2090
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0)
allows remote attackers to poison the web cache, bypass web
application firewall protection, and conduct XSS attacks via an HTTP
request with both a 'Transfer-Encoding: chunked' header and a
Content-Length header, which causes Tomcat to incorrectly handle and
forward the body of the request in a way that causes the receiving
server to process it as a separate HTTP request, aka 'HTTP Request
Smuggling.'

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-2090
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 13873
http://www.securityfocus.com/bid/13873
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search)
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Bugtraq: 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 (Google Search)
http://www.securityfocus.com/archive/1/485938/100/0/threaded
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
http://www.redhat.com/support/errata/RHSA-2007-0327.html
http://www.redhat.com/support/errata/RHSA-2007-0360.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://securitytracker.com/id?1014365
http://secunia.com/advisories/26235
http://secunia.com/advisories/26660
http://secunia.com/advisories/27037
http://secunia.com/advisories/28365
http://secunia.com/advisories/29242
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/33668
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3087
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/0065
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2009/0233
Common Vulnerability Exposure (CVE) ID: CVE-2007-0450
20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal
http://www.securityfocus.com/archive/1/462791/100/0/threaded
20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
22960
http://www.securityfocus.com/bid/22960
239312
2446
http://securityreason.com/securityalert/2446
24732
http://secunia.com/advisories/24732
25106
http://secunia.com/advisories/25106
25159
25280
http://secunia.com/advisories/25280
26235
26660
27037
28365
30899
30908
33668
ADV-2007-0975
http://www.vupen.com/english/advisories/2007/0975
ADV-2007-2732
ADV-2007-3087
ADV-2007-3386
ADV-2008-0065
ADV-2008-1979
ADV-2009-0233
APPLE-SA-2007-07-31
GLSA-200705-03
http://security.gentoo.org/glsa/glsa-200705-03.xml
HPSBUX02262
MDKSA-2007:241
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
RHSA-2007:0327
RHSA-2007:0360
RHSA-2008:0261
SSRT071447
SUSE-SR:2007:005
http://www.novell.com/linux/security/advisories/2007_5_sr.html
SUSE-SR:2007:015
http://www.novell.com/linux/security/advisories/2007_15_sr.html
[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://docs.info.apple.com/article.html?artnum=306172
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html
http://www.sec-consult.com/287.html
http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt
oval:org.mitre.oval:def:10643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643
tomcat-proxy-directory-traversal(32988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
Common Vulnerability Exposure (CVE) ID: CVE-2007-1358
BugTraq ID: 24524
http://www.securityfocus.com/bid/24524
Bugtraq: 20070618 [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing (Google Search)
http://www.securityfocus.com/archive/1/471719/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://jvn.jp/jp/JVN%2316535199/index.html
http://osvdb.org/34881
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10679
RedHat Security Advisories: RHSA-2008:0630
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://www.securitytracker.com/id?1018269
http://secunia.com/advisories/25721
http://secunia.com/advisories/27727
http://secunia.com/advisories/31493
http://www.vupen.com/english/advisories/2007/1729
CopyrightCopyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.