Test ID: 1.3.6.1.4.1.25623.1.0.120648
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2016-658)
Summary: The remote host is missing an update for the 'tomcat8' package(s) announced via the ALAS-2016-658 advisory.
Description: Summary:
The remote host is missing an update for the 'tomcat8' package(s) announced via the ALAS-2016-658 advisory.

Vulnerability Insight:
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)

The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345)

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)

Affected Software/OS:
'tomcat8' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-7810
BugTraq ID: 74665
http://www.securityfocus.com/bid/74665
Debian Security Information: DSA-3428
http://www.debian.org/security/2015/dsa-3428
Debian Security Information: DSA-3447
http://www.debian.org/security/2016/dsa-3447
Debian Security Information: DSA-3530
http://www.debian.org/security/2016/dsa-3530
HPdes Security Advisory: HPSBUX03561
http://marc.info/?l=bugtraq&m=145974991225029&w=2
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2015:1621
http://rhn.redhat.com/errata/RHSA-2015-1621.html
RedHat Security Advisories: RHSA-2015:1622
http://rhn.redhat.com/errata/RHSA-2015-1622.html
RedHat Security Advisories: RHSA-2016:0492
http://rhn.redhat.com/errata/RHSA-2016-0492.html
RedHat Security Advisories: RHSA-2016:2046
http://rhn.redhat.com/errata/RHSA-2016-2046.html
http://www.securitytracker.com/id/1032330
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5174
BugTraq ID: 83329
http://www.securityfocus.com/bid/83329
Bugtraq: 20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal
http://seclists.org/bugtraq/2016/Feb/149
Debian Security Information: DSA-3552
http://www.debian.org/security/2016/dsa-3552
Debian Security Information: DSA-3609
http://www.debian.org/security/2016/dsa-3609
https://security.gentoo.org/glsa/201705-09
http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2016:1432
https://access.redhat.com/errata/RHSA-2016:1432
RedHat Security Advisories: RHSA-2016:1433
https://access.redhat.com/errata/RHSA-2016:1433
RedHat Security Advisories: RHSA-2016:1434
https://access.redhat.com/errata/RHSA-2016:1434
RedHat Security Advisories: RHSA-2016:1435
http://rhn.redhat.com/errata/RHSA-2016-1435.html
RedHat Security Advisories: RHSA-2016:2045
http://rhn.redhat.com/errata/RHSA-2016-2045.html
RedHat Security Advisories: RHSA-2016:2599
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://www.securitytracker.com/id/1035070
SuSE Security Announcement: SUSE-SU-2016:0769
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
SuSE Security Announcement: SUSE-SU-2016:0822
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
SuSE Security Announcement: SUSE-SU-2016:0839
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
SuSE Security Announcement: openSUSE-SU-2016:0865
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://www.ubuntu.com/usn/USN-3024-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5345
BugTraq ID: 83328
http://www.securityfocus.com/bid/83328
Bugtraq: 20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure
http://seclists.org/bugtraq/2016/Feb/146
http://seclists.org/fulldisclosure/2016/Feb/122
http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
RedHat Security Advisories: RHSA-2016:1087
https://access.redhat.com/errata/RHSA-2016:1087
RedHat Security Advisories: RHSA-2016:1088
https://access.redhat.com/errata/RHSA-2016:1088
RedHat Security Advisories: RHSA-2016:1089
http://rhn.redhat.com/errata/RHSA-2016-1089.html
http://www.securitytracker.com/id/1035071
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.