
Test ID: 1.3.6.1.4.1.25623.1.0.61532
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:188 (tomcat5)
Summary: NOSUMMARY
Description:

The remote host is missing an update to tomcat5
announced via advisory MDVSA-2008:188.

A number of vulnerabilities have been discovered in the Apache
Tomcat server:

The default catalina.policy in the JULI logging component did not
restrict certain permissions for web applications which could allow a
remote attacker to modify logging configuration options and overwrite
arbitrary files (CVE-2007-5342).

A cross-site scripting vulnerability was found in the
HttpServletResponse.sendError() method which could allow a remote
attacker to inject arbitrary web script or HTML via forged HTTP headers
(CVE-2008-1232).

A cross-site scripting vulnerability was found in the host manager
application that could allow a remote attacker to inject arbitrary
web script or HTML via the hostname parameter (CVE-2008-1947).

A traversal vulnerability was found when using a RequestDispatcher in
combination with a servlet or JSP that could allow a remote attacker
to utilize a specially-crafted request parameter to access protected
web resources (CVE-2008-2370).

A traversal vulnerability was found when the 'allowLinking' and
'URIEncoding' settings were activated which could allow a remote attacker
to use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process (CVE-2008-2938).

The updated packages have been patched to correct these issues.

Affected: 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:188

Risk factor : High

CVSS Score: 6.4

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5342
20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open
http://www.securityfocus.com/archive/1/485481/100/0/threaded
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
27006
http://www.securityfocus.com/bid/27006
28274
http://secunia.com/advisories/28274
28317
http://secunia.com/advisories/28317
28915
http://secunia.com/advisories/28915
29313
http://secunia.com/advisories/29313
29711
http://secunia.com/advisories/29711
30676
http://secunia.com/advisories/30676
31681
http://www.securityfocus.com/bid/31681
32120
http://secunia.com/advisories/32120
32222
http://secunia.com/advisories/32222
32266
http://secunia.com/advisories/32266
3485
http://securityreason.com/securityalert/3485
37460
http://secunia.com/advisories/37460
39833
http://osvdb.org/39833
57126
http://secunia.com/advisories/57126
ADV-2008-0013
http://www.vupen.com/english/advisories/2008/0013
ADV-2008-1856
http://www.vupen.com/english/advisories/2008/1856/references
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
ADV-2008-2823
http://www.vupen.com/english/advisories/2008/2823
ADV-2009-3316
http://www.vupen.com/english/advisories/2009/3316
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
DSA-1447
http://www.debian.org/security/2008/dsa-1447
FEDORA-2008-1467
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
FEDORA-2008-1603
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
GLSA-200804-10
http://security.gentoo.org/glsa/glsa-200804-10.xml
HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
MDVSA-2008:188
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
RHSA-2008:0042
http://www.redhat.com/support/errata/RHSA-2008-0042.html
RHSA-2008:0195
http://www.redhat.com/support/errata/RHSA-2008-0195.html
RHSA-2008:0831
http://www.redhat.com/support/errata/RHSA-2008-0831.html
RHSA-2008:0832
http://www.redhat.com/support/errata/RHSA-2008-0832.html
RHSA-2008:0833
http://www.redhat.com/support/errata/RHSA-2008-0833.html
RHSA-2008:0834
http://www.redhat.com/support/errata/RHSA-2008-0834.html
RHSA-2008:0862
http://www.redhat.com/support/errata/RHSA-2008-0862.html
SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
apache-juli-logging-weak-security(39201)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://svn.apache.org/viewvc?view=rev&revision=606594
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
oval:org.mitre.oval:def:10417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
Common Vulnerability Exposure (CVE) ID: CVE-2008-1232
1020622
http://www.securitytracker.com/id?1020622
20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability
http://www.securityfocus.com/archive/1/495021/100/0/threaded
20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
http://www.securityfocus.com/archive/1/504351/100/0/threaded
20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management
http://www.securityfocus.com/archive/1/505556/100/0/threaded
30496
http://www.securityfocus.com/bid/30496
31379
http://secunia.com/advisories/31379
31381
http://secunia.com/advisories/31381
31639
http://secunia.com/advisories/31639
31865
http://secunia.com/advisories/31865
31891
http://secunia.com/advisories/31891
31982
http://secunia.com/advisories/31982
33797
http://secunia.com/advisories/33797
33999
http://secunia.com/advisories/33999
34013
http://secunia.com/advisories/34013
35474
http://secunia.com/advisories/35474
36108
http://secunia.com/advisories/36108
4098
http://securityreason.com/securityalert/4098
ADV-2008-2305
http://www.vupen.com/english/advisories/2008/2305
ADV-2009-0320
http://www.vupen.com/english/advisories/2009/0320
ADV-2009-0503
http://www.vupen.com/english/advisories/2009/0503
ADV-2009-1609
http://www.vupen.com/english/advisories/2009/1609
ADV-2009-2194
http://www.vupen.com/english/advisories/2009/2194
FEDORA-2008-7977
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
FEDORA-2008-8113
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
FEDORA-2008-8130
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
RHSA-2008:0648
http://www.redhat.com/support/errata/RHSA-2008-0648.html
RHSA-2008:0864
http://www.redhat.com/support/errata/RHSA-2008-0864.html
SSRT090005
SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx
http://tomcat.apache.org/security-4.html
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095
oval:org.mitre.oval:def:11181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
oval:org.mitre.oval:def:5985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
tomcat-httpservletresponse-xss(44155)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
Common Vulnerability Exposure (CVE) ID: CVE-2008-1947
1020624
http://www.securitytracker.com/id?1020624
20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
http://www.securityfocus.com/archive/1/492958/100/0/threaded
29502
http://www.securityfocus.com/bid/29502
30500
http://secunia.com/advisories/30500
30592
http://secunia.com/advisories/30592
30967
http://secunia.com/advisories/30967
ADV-2008-1725
http://www.vupen.com/english/advisories/2008/1725
DSA-1593
http://www.debian.org/security/2008/dsa-1593
SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
[tomcat-user] 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
apache-tomcat-hostmanager-xss(42816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
oval:org.mitre.oval:def:11534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
oval:org.mitre.oval:def:6009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
Common Vulnerability Exposure (CVE) ID: CVE-2008-2370
1020623
http://www.securitytracker.com/id?1020623
20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/495022/100/0/threaded
30494
http://www.securityfocus.com/bid/30494
35393
http://secunia.com/advisories/35393
36249
http://secunia.com/advisories/36249
4099
http://securityreason.com/securityalert/4099
ADV-2009-1535
http://www.vupen.com/english/advisories/2009/1535
ADV-2009-2215
http://www.vupen.com/english/advisories/2009/2215
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
oval:org.mitre.oval:def:10577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
oval:org.mitre.oval:def:5876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
tomcat-requestdispatcher-info-disclosure(44156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
Common Vulnerability Exposure (CVE) ID: CVE-2008-2938
1020665
http://www.securitytracker.com/id?1020665
20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
http://www.securityfocus.com/archive/1/495318/100/0/threaded
20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/507729/100/0/threaded
30633
http://www.securityfocus.com/bid/30633
37297
http://secunia.com/advisories/37297
4148
http://securityreason.com/securityalert/4148
6229
https://www.exploit-db.com/exploits/6229
ADV-2008-2343
http://www.vupen.com/english/advisories/2008/2343
VU#343355
http://www.kb.cert.org/vuls/id/343355
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
oval:org.mitre.oval:def:10587
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
tomcat-allowlinking-utf8-directory-traversal(44411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
