Test Kennung:	1.3.6.1.4.1.25623.1.0.807412
Kategorie:	Web Servers
Titel:	Apache Tomcat Directory Disclosure Vulnerability (Feb 2016) - Linux
Zusammenfassung:	Apache Tomcat is prone to Directory Disclosure Vulnerability.
Beschreibung:	Summary: Apache Tomcat is prone to Directory Disclosure Vulnerability. Vulnerability Insight: The flaw is due to an improper accessing a directory protected by a security constraint with a URL that did not end in a slash. Vulnerability Impact: Successful exploitation allows remote attackers to determine the existence of a directory. Affected Software/OS: Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.0.0.RC1 before 8.0.30, and 9.0.0.M1 on Linux. Solution: Upgrade to version 6.0.45 or 7.0.67 or 8.0.30 or 9.0.0.M3 later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5345 BugTraq ID: 83328 http://www.securityfocus.com/bid/83328 Bugtraq: 20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure (Google Search) http://seclists.org/bugtraq/2016/Feb/146 Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 Debian Security Information: DSA-3552 (Google Search) http://www.debian.org/security/2016/dsa-3552 Debian Security Information: DSA-3609 (Google Search) http://www.debian.org/security/2016/dsa-3609 http://seclists.org/fulldisclosure/2016/Feb/122 https://security.gentoo.org/glsa/201705-09 HPdes Security Advisory: HPSBUX03561 http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2016:1087 https://access.redhat.com/errata/RHSA-2016:1087 RedHat Security Advisories: RHSA-2016:1088 https://access.redhat.com/errata/RHSA-2016:1088 RedHat Security Advisories: RHSA-2016:1089 http://rhn.redhat.com/errata/RHSA-2016-1089.html RedHat Security Advisories: RHSA-2016:2045 http://rhn.redhat.com/errata/RHSA-2016-2045.html RedHat Security Advisories: RHSA-2016:2599 http://rhn.redhat.com/errata/RHSA-2016-2599.html http://www.securitytracker.com/id/1035071 SuSE Security Announcement: SUSE-SU-2016:0769 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html SuSE Security Announcement: SUSE-SU-2016:0822 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html SuSE Security Announcement: SUSE-SU-2016:0839 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html SuSE Security Announcement: openSUSE-SU-2016:0865 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://www.ubuntu.com/usn/USN-3024-1
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.