Test Kennung:	1.3.6.1.4.1.25623.1.0.804520
Kategorie:	Web Servers
Titel:	Apache Tomcat Multiple Vulnerabilities - 02 (Mar 2014)
Zusammenfassung:	Apache Tomcat is prone to multiple vulnerabilities.
Beschreibung:	Summary: Apache Tomcat is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error when handling a request for specially crafted malformed header (i.e. whitespace after the : in a trailing header). - Improper parsing of XML data to an incorrectly configured XML parser accepting XML external entities from an untrusted source. Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to potentially sensitive internal information or crash the program. Affected Software/OS: Apache Tomcat version 6.x before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10. Solution: Upgrade to version 6.0.39 or 7.0.50 or 8.0.0-RC10 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4322 BugTraq ID: 65767 http://www.securityfocus.com/bid/65767 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 http://seclists.org/fulldisclosure/2014/Dec/23 HPdes Security Advisory: HPSBOV03503 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:052 http://www.mandriva.com/security/advisories?name=MDVSA-2015:084 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2014:0686 https://rhn.redhat.com/errata/RHSA-2014-0686.html http://secunia.com/advisories/59036 http://secunia.com/advisories/59675 http://secunia.com/advisories/59722 http://secunia.com/advisories/59724 http://secunia.com/advisories/59873 http://www.ubuntu.com/usn/USN-2130-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4590 BugTraq ID: 65768 http://www.securityfocus.com/bid/65768
Copyright	Copyright (C) 2014 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.