
Test ID: 1.3.6.1.4.1.25623.1.0.800024
Category: Web Servers
Title: Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Summary: Apache Tomcat Server is running on this host and is prone to a security bypass vulnerability.
Description: Summary:
Apache Tomcat Server is running on this host and is prone to
a security bypass vulnerability.

Vulnerability Insight:
The flaw is due to a synchronisation problem when checking IP addresses.
This could allow a user from a non-permitted IP address to gain access to a
context that is protected with a valve that extends RemoteFilterValve,
including the standard RemoteAddrValve and RemoteHostValve implementations.

Vulnerability Impact:
A successful attempt could lead to remote code execution, and the attacker
can gain access to the context of the filtered value.

Affected Software/OS:
Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0.

Solution:
Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-3271
1021039
http://www.securitytracker.com/id?1021039
20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
http://www.securityfocus.com/archive/1/497220/100/0/threaded
31698
http://www.securityfocus.com/bid/31698
32213
http://secunia.com/advisories/32213
32234
http://secunia.com/advisories/32234
32398
http://secunia.com/advisories/32398
35684
http://secunia.com/advisories/35684
4396
http://securityreason.com/securityalert/4396
ADV-2008-2793
http://www.vupen.com/english/advisories/2008/2793
ADV-2008-2800
http://www.vupen.com/english/advisories/2008/2800
ADV-2009-1818
http://www.vupen.com/english/advisories/2009/1818
JVN#30732239
http://jvn.jp/en/jp/JVN30732239/index.html
JVNDB-2008-000069
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
SUSE-SR:2008:023
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
apache-tomcat-valve-security-bypass(45791)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
http://www.nec.co.jp/security-info/secinfo/nv09-006.html
https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.