
Test ID: 1.3.6.1.4.1.25623.1.0.802678
Category: Web Servers
Title: Apache Tomcat Multiple Security Bypass Vulnerabilities - Windows
Summary: Apache Tomcat Server is prone to multiple security bypass vulnerabilities.
Description: Summary:
Apache Tomcat Server is prone to multiple security bypass vulnerabilities.

Vulnerability Insight:
The flaws are due to errors in the HTTP digest access authentication
implementation, which:

- does not properly check for stale nonce values in conjunction with enforcement of proper credentials

- caches information about the authenticated user within the session state

- tracks cnonce values instead of nonce and nc values.

Vulnerability Impact:
Successful exploitation could allow remote attackers to bypass intended
access restrictions by sniffing the network for valid requests.

Affected Software/OS:
Apache Tomcat version 5.5.x to 5.5.35, 6.x to 6.0.35 and 7.x to 7.0.29.

Solution:
Apply patch or upgrade Apache Tomcat to 5.5.36, 6.0.36, 7.0.30 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-references: Common Vulnerability Exposure (CVE) ID: CVE-2012-5887
BugTraq ID: 56403
http://www.securityfocus.com/bid/56403
RedHat Security Advisories: RHSA-2013:0623
http://rhn.redhat.com/errata/RHSA-2013-0623.html
RedHat Security Advisories: RHSA-2013:0629
http://rhn.redhat.com/errata/RHSA-2013-0629.html
RedHat Security Advisories: RHSA-2013:0631
http://rhn.redhat.com/errata/RHSA-2013-0631.html
RedHat Security Advisories: RHSA-2013:0632
http://rhn.redhat.com/errata/RHSA-2013-0632.html
RedHat Security Advisories: RHSA-2013:0633
http://rhn.redhat.com/errata/RHSA-2013-0633.html
RedHat Security Advisories: RHSA-2013:0640
http://rhn.redhat.com/errata/RHSA-2013-0640.html
RedHat Security Advisories: RHSA-2013:0647
http://rhn.redhat.com/errata/RHSA-2013-0647.html
RedHat Security Advisories: RHSA-2013:0648
http://rhn.redhat.com/errata/RHSA-2013-0648.html
RedHat Security Advisories: RHSA-2013:0726
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://secunia.com/advisories/51371
SuSE Security Announcement: openSUSE-SU-2012:1700
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
SuSE Security Announcement: openSUSE-SU-2012:1701
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
SuSE Security Announcement: openSUSE-SU-2013:0147
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://www.ubuntu.com/usn/USN-1637-1
XForce ISS Database: tomcat-digest-security-bypass(79809)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Common Vulnerability Exposure (CVE) ID: CVE-2012-5886
XForce ISS Database: tomcat-http-Digest-security-bypass(80407)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80407
Common Vulnerability Exposure (CVE) ID: CVE-2012-5885
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
HPdes Security Advisory: SSRT101146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432
XForce ISS Database: tomcat-replay-security-bypass(80408)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80408
Copyright: Copyright (C) 2012 Greenbone AG
