ID de Prueba:	1.3.6.1.4.1.25623.1.0.60810
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200804-10 (tomcat)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200804-10.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200804-10. Vulnerability Insight: Multiple vulnerabilities in Tomcat may lead to local file overwriting, session hijacking or information disclosure. Solution: All Tomcat 5.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/tomcat-5.5.26' All Tomcat 6.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.16' CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5333 20080208 [SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities http://www.securityfocus.com/archive/1/487822/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 27706 http://www.securityfocus.com/bid/27706 28878 http://secunia.com/advisories/28878 28884 http://secunia.com/advisories/28884 28915 http://secunia.com/advisories/28915 29711 http://secunia.com/advisories/29711 30676 http://secunia.com/advisories/30676 30802 http://secunia.com/advisories/30802 31681 http://www.securityfocus.com/bid/31681 32036 http://secunia.com/advisories/32036 32222 http://secunia.com/advisories/32222 33330 http://secunia.com/advisories/33330 3636 http://securityreason.com/securityalert/3636 37460 http://secunia.com/advisories/37460 44183 http://secunia.com/advisories/44183 57126 http://secunia.com/advisories/57126 ADV-2008-0488 http://www.vupen.com/english/advisories/2008/0488 ADV-2008-1856 http://www.vupen.com/english/advisories/2008/1856/references ADV-2008-1981 http://www.vupen.com/english/advisories/2008/1981/references ADV-2008-2690 http://www.vupen.com/english/advisories/2008/2690 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2008-06-30 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html FEDORA-2008-1467 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html FEDORA-2008-1603 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html GLSA-200804-10 http://security.gentoo.org/glsa/glsa-200804-10.xml HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 IZ20133 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133 IZ20991 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991 JVN#09470767 http://jvn.jp/jp/JVN%2309470767/index.html MDVSA-2009:018 http://www.mandriva.com/security/advisories?name=MDVSA-2009:018 MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT2163 http://support.apple.com/kb/HT3216 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www-01.ibm.com/support/docview.wss?uid=swg24018932 http://www-01.ibm.com/support/docview.wss?uid=swg27012047 http://www-01.ibm.com/support/docview.wss?uid=swg27012048 http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html http://www.vmware.com/security/advisories/VMSA-2008-0010.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://bugzilla.redhat.com/show_bug.cgi?id=532111 oval:org.mitre.oval:def:11177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177 Common Vulnerability Exposure (CVE) ID: CVE-2007-5342 20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open http://www.securityfocus.com/archive/1/485481/100/0/threaded 27006 http://www.securityfocus.com/bid/27006 28274 http://secunia.com/advisories/28274 28317 http://secunia.com/advisories/28317 29313 http://secunia.com/advisories/29313 32120 http://secunia.com/advisories/32120 32266 http://secunia.com/advisories/32266 3485 http://securityreason.com/securityalert/3485 39833 http://osvdb.org/39833 ADV-2008-0013 http://www.vupen.com/english/advisories/2008/0013 ADV-2008-2823 http://www.vupen.com/english/advisories/2008/2823 DSA-1447 http://www.debian.org/security/2008/dsa-1447 MDVSA-2008:188 http://www.mandriva.com/security/advisories?name=MDVSA-2008:188 RHSA-2008:0042 http://www.redhat.com/support/errata/RHSA-2008-0042.html RHSA-2008:0195 http://www.redhat.com/support/errata/RHSA-2008-0195.html RHSA-2008:0831 http://www.redhat.com/support/errata/RHSA-2008-0831.html RHSA-2008:0832 http://www.redhat.com/support/errata/RHSA-2008-0832.html RHSA-2008:0833 http://www.redhat.com/support/errata/RHSA-2008-0833.html RHSA-2008:0834 http://www.redhat.com/support/errata/RHSA-2008-0834.html RHSA-2008:0862 http://www.redhat.com/support/errata/RHSA-2008-0862.html apache-juli-logging-weak-security(39201) https://exchange.xforce.ibmcloud.com/vulnerabilities/39201 http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm http://svn.apache.org/viewvc?view=rev&revision=606594 oval:org.mitre.oval:def:10417 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417 Common Vulnerability Exposure (CVE) ID: CVE-2007-5461 BugTraq ID: 26070 http://www.securityfocus.com/bid/26070 BugTraq ID: 31681 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) Debian Security Information: DSA-1447 (Google Search) Debian Security Information: DSA-1453 (Google Search) http://www.debian.org/security/2008/dsa-1453 https://www.exploit-db.com/exploits/4530 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html http://marc.info/?l=full-disclosure&m=119239530508382 HPdes Security Advisory: HPSBST02955 http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 http://issues.apache.org/jira/browse/GERONIMO-3549 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202 http://www.redhat.com/support/errata/RHSA-2008-0261.html RedHat Security Advisories: RHSA-2008:0630 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://www.securitytracker.com/id?1018864 http://secunia.com/advisories/27398 http://secunia.com/advisories/27446 http://secunia.com/advisories/27481 http://secunia.com/advisories/27727 http://secunia.com/advisories/28361 http://secunia.com/advisories/29242 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://secunia.com/advisories/31493 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 SuSE Security Announcement: SUSE-SR:2008:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://www.vupen.com/english/advisories/2007/3622 http://www.vupen.com/english/advisories/2007/3671 http://www.vupen.com/english/advisories/2007/3674 http://www.vupen.com/english/advisories/2008/1979/references XForce ISS Database: apache-tomcat-webdav-dir-traversal(37243) https://exchange.xforce.ibmcloud.com/vulnerabilities/37243 Common Vulnerability Exposure (CVE) ID: CVE-2007-6286 Bugtraq: 20080208 [SECURITY] CVE-2007-6286: Tomcat duplicate request processing vulnerability (Google Search) http://www.securityfocus.com/archive/1/487823/100/0/threaded http://securityreason.com/securityalert/3637 Common Vulnerability Exposure (CVE) ID: CVE-2008-0002 BugTraq ID: 27703 http://www.securityfocus.com/bid/27703 Bugtraq: 20080208 CVE-2008-0002: Tomcat information disclosure vulnerability (Google Search) http://www.securityfocus.com/archive/1/487812/100/0/threaded http://secunia.com/advisories/28834 http://securityreason.com/securityalert/3638
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.