English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75096 CVE Beschreibungen
und 39644 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.60721
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2008:0042
Zusammenfassung:Redhat Security Advisory RHSA-2008:0042
Beschreibung:
The remote host is missing updates announced in
advisory RHSA-2008:0042.

Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. In some configurations it allowed remote authenticated users to
read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain
backported patches and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0042.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-5461
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://marc.info/?l=full-disclosure&m=119239530508382
http://www.milw0rm.com/exploits/4530
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
http://issues.apache.org/jira/browse/GERONIMO-3549
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Debian Security Information: DSA-1447 (Google Search)
http://www.debian.org/security/2008/dsa-1447
Debian Security Information: DSA-1453 (Google Search)
http://www.debian.org/security/2008/dsa-1453
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://security.gentoo.org/glsa/glsa-200804-10.xml
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
RedHat Security Advisories: RHSA-2008:0630
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
BugTraq ID: 26070
http://www.securityfocus.com/bid/26070
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9202
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://www.vupen.com/english/advisories/2007/3622
http://www.vupen.com/english/advisories/2007/3671
http://www.vupen.com/english/advisories/2007/3674
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2008/2780
http://www.securitytracker.com/id?1018864
http://secunia.com/advisories/27398
http://secunia.com/advisories/27446
http://secunia.com/advisories/27481
http://secunia.com/advisories/27727
http://secunia.com/advisories/28317
http://secunia.com/advisories/28361
http://secunia.com/advisories/29242
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/30676
http://secunia.com/advisories/30802
http://secunia.com/advisories/30908
http://secunia.com/advisories/30899
http://secunia.com/advisories/31493
http://secunia.com/advisories/32222
http://secunia.com/advisories/32120
http://secunia.com/advisories/32266
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: apache-tomcat-webdav-dir-traversal(37243)
http://xforce.iss.net/xforce/xfdb/37243
Common Vulnerability Exposure (CVE) ID: CVE-2007-5342
Bugtraq: 20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open (Google Search)
http://www.securityfocus.com/archive/1/archive/1/485481/100/0/threaded
http://svn.apache.org/viewvc?view=rev&revision=606594
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0831.html
http://www.redhat.com/support/errata/RHSA-2008-0832.html
http://www.redhat.com/support/errata/RHSA-2008-0833.html
http://www.redhat.com/support/errata/RHSA-2008-0834.html
BugTraq ID: 27006
http://www.securityfocus.com/bid/27006
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10417
http://www.vupen.com/english/advisories/2008/0013
http://osvdb.org/39833
http://secunia.com/advisories/28274
http://secunia.com/advisories/28915
http://securityreason.com/securityalert/3485
XForce ISS Database: apache-juli-logging-weak-security(39201)
http://xforce.iss.net/xforce/xfdb/39201
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39644 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.