Test Kennung:	1.3.6.1.4.1.25623.1.0.800813
Kategorie:	Web Servers
Titel:	Apache Tomcat Multiple Vulnerabilities (Jun 2009)
Zusammenfassung:	Apache Tomcat Server is prone to multiple vulnerabilities.
Beschreibung:	Summary: Apache Tomcat Server is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flows are due to: - Error in 'XML parser' used for other web applications, which allows local users to read or modify the web.xml, context.xml, or tld files via a crafted application that is loaded earlier than the target application. - when FORM authentication is used, cause enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the MemoryRealm, DataSourceRealm, and JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. - when the 'Java AJP connector' and 'mod_jk load balancing' are used, via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. Vulnerability Impact: Successful attempt could lead to remote code execution and attacker can gain the full permission on affected file, and can cause denial of service. Affected Software/OS: Apache Tomcat version 6.0.0 to 6.0.18 Apache Tomcat version 5.5.0 to 5.5.27 Apache Tomcat version 4.1.0 to 4.1.39 Solution: Upgrade to Apache Tomcat version 4.1.40, or 5.5.28, or 6.0.20 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0033 1022331 http://securitytracker.com/id?1022331 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector http://www.securityfocus.com/archive/1/504044/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 263529 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1 35193 http://www.securityfocus.com/bid/35193 35326 http://secunia.com/advisories/35326 35344 http://secunia.com/advisories/35344 35685 http://secunia.com/advisories/35685 35788 http://secunia.com/advisories/35788 37460 http://secunia.com/advisories/37460 42368 http://secunia.com/advisories/42368 ADV-2009-1496 http://www.vupen.com/english/advisories/2009/1496 ADV-2009-1856 http://www.vupen.com/english/advisories/2009/1856 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 ADV-2010-3056 http://www.vupen.com/english/advisories/2010/3056 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-2207 http://www.debian.org/security/2011/dsa-2207 FEDORA-2009-11352 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html FEDORA-2009-11356 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html FEDORA-2009-11374 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPSBUX02579 http://marc.info/?l=bugtraq&m=129070310906557&w=2 HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 JVN#87272440 http://jvn.jp/en/jp/JVN87272440/index.html MDVSA-2009:136 http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 MDVSA-2009:138 http://www.mandriva.com/security/advisories?name=MDVSA-2009:138 MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 SSRT100029 SSRT100203 SSRT100825 SSRT101146 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT4077 http://svn.apache.org/viewvc?rev=742915&view=rev http://svn.apache.org/viewvc?rev=781362&view=rev http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html oval:org.mitre.oval:def:10231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231 oval:org.mitre.oval:def:19110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110 oval:org.mitre.oval:def:5739 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739 tomcat-ajp-dos(50928) https://exchange.xforce.ibmcloud.com/vulnerabilities/50928 Common Vulnerability Exposure (CVE) ID: CVE-2009-0580 1022332 http://securitytracker.com/id?1022332 20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504045/100/0/threaded 20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504108/100/0/threaded 20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504125/100/0/threaded 35196 http://www.securityfocus.com/bid/35196 http://svn.apache.org/viewvc?rev=747840&view=rev http://svn.apache.org/viewvc?rev=781379&view=rev http://svn.apache.org/viewvc?rev=781382&view=rev oval:org.mitre.oval:def:18915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915 oval:org.mitre.oval:def:6628 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628 oval:org.mitre.oval:def:9101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101 tomcat-jsecuritycheck-info-disclosure(50930) https://exchange.xforce.ibmcloud.com/vulnerabilities/50930 Common Vulnerability Exposure (CVE) ID: CVE-2009-0783 1022336 http://www.securitytracker.com/id?1022336 20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure http://www.securityfocus.com/archive/1/504090/100/0/threaded 35416 http://www.securityfocus.com/bid/35416 http://svn.apache.org/viewvc?rev=652592&view=rev http://svn.apache.org/viewvc?rev=681156&view=rev http://svn.apache.org/viewvc?rev=739522&view=rev http://svn.apache.org/viewvc?rev=781542&view=rev http://svn.apache.org/viewvc?rev=781708&view=rev https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 oval:org.mitre.oval:def:10716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716 oval:org.mitre.oval:def:18913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913 oval:org.mitre.oval:def:6450 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450 tomcat-xml-information-disclosure(51195) https://exchange.xforce.ibmcloud.com/vulnerabilities/51195 Common Vulnerability Exposure (CVE) ID: CVE-2008-5515 20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability http://www.securityfocus.com/archive/1/504170/100/0/threaded 20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability http://www.securityfocus.com/archive/1/504202/100/0/threaded 35263 http://www.securityfocus.com/bid/35263 35393 http://secunia.com/advisories/35393 39317 http://secunia.com/advisories/39317 44183 http://secunia.com/advisories/44183 ADV-2009-1520 http://www.vupen.com/english/advisories/2009/1520 ADV-2009-1535 http://www.vupen.com/english/advisories/2009/1535 JVN#63832775 http://jvn.jp/en/jp/JVN63832775/index.html SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html oval:org.mitre.oval:def:10422 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422 oval:org.mitre.oval:def:19452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452 oval:org.mitre.oval:def:6445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.