ID de Prueba:	1.3.6.1.4.1.25623.1.0.62074
Categoría:	CentOS Local Security Checks
Título:	CentOS Security Advisory CESA-2008:0648 (tomcat5)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates to tomcat5 announced in advisory CESA-2008:0648. For details on the issues addressed in this update, please visit the referenced security advisories. Solution: Update the appropriate packages on your system. http://www.securityspace.com/smysecure/catid.html?in=CESA-2008:0648 http://www.securityspace.com/smysecure/catid.html?in=RHSA-2008:0648 https://rhn.redhat.com/errata/RHSA-2008-0648.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1232 1020622 http://www.securitytracker.com/id?1020622 20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability http://www.securityfocus.com/archive/1/495021/100/0/threaded 20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability http://www.securityfocus.com/archive/1/504351/100/0/threaded 20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management http://www.securityfocus.com/archive/1/505556/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 30496 http://www.securityfocus.com/bid/30496 31379 http://secunia.com/advisories/31379 31381 http://secunia.com/advisories/31381 31639 http://secunia.com/advisories/31639 31681 http://www.securityfocus.com/bid/31681 31865 http://secunia.com/advisories/31865 31891 http://secunia.com/advisories/31891 31982 http://secunia.com/advisories/31982 32120 http://secunia.com/advisories/32120 32222 http://secunia.com/advisories/32222 32266 http://secunia.com/advisories/32266 33797 http://secunia.com/advisories/33797 33999 http://secunia.com/advisories/33999 34013 http://secunia.com/advisories/34013 35474 http://secunia.com/advisories/35474 36108 http://secunia.com/advisories/36108 37460 http://secunia.com/advisories/37460 4098 http://securityreason.com/securityalert/4098 57126 http://secunia.com/advisories/57126 ADV-2008-2305 http://www.vupen.com/english/advisories/2008/2305 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2008-2823 http://www.vupen.com/english/advisories/2008/2823 ADV-2009-0320 http://www.vupen.com/english/advisories/2009/0320 ADV-2009-0503 http://www.vupen.com/english/advisories/2009/0503 ADV-2009-1609 http://www.vupen.com/english/advisories/2009/1609 ADV-2009-2194 http://www.vupen.com/english/advisories/2009/2194 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html FEDORA-2008-7977 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html FEDORA-2008-8113 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html FEDORA-2008-8130 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 MDVSA-2008:188 http://www.mandriva.com/security/advisories?name=MDVSA-2008:188 RHSA-2008:0648 http://www.redhat.com/support/errata/RHSA-2008-0648.html RHSA-2008:0862 http://www.redhat.com/support/errata/RHSA-2008-0862.html RHSA-2008:0864 http://www.redhat.com/support/errata/RHSA-2008-0864.html SSRT090005 SUSE-SR:2008:018 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx http://support.apple.com/kb/HT3216 http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.vmware.com/security/advisories/VMSA-2009-0002.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095 oval:org.mitre.oval:def:11181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181 oval:org.mitre.oval:def:5985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985 tomcat-httpservletresponse-xss(44155) https://exchange.xforce.ibmcloud.com/vulnerabilities/44155 Common Vulnerability Exposure (CVE) ID: CVE-2008-1947 1020624 http://www.securitytracker.com/id?1020624 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability http://www.securityfocus.com/archive/1/492958/100/0/threaded 29502 http://www.securityfocus.com/bid/29502 30500 http://secunia.com/advisories/30500 30592 http://secunia.com/advisories/30592 30967 http://secunia.com/advisories/30967 ADV-2008-1725 http://www.vupen.com/english/advisories/2008/1725 DSA-1593 http://www.debian.org/security/2008/dsa-1593 SUSE-SR:2008:014 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html [tomcat-user] 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability http://marc.info/?l=tomcat-user&m=121244319501278&w=2 apache-tomcat-hostmanager-xss(42816) https://exchange.xforce.ibmcloud.com/vulnerabilities/42816 oval:org.mitre.oval:def:11534 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534 oval:org.mitre.oval:def:6009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009 Common Vulnerability Exposure (CVE) ID: CVE-2008-2370 1020623 http://www.securitytracker.com/id?1020623 20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability http://www.securityfocus.com/archive/1/495022/100/0/threaded 30494 http://www.securityfocus.com/bid/30494 35393 http://secunia.com/advisories/35393 36249 http://secunia.com/advisories/36249 4099 http://securityreason.com/securityalert/4099 ADV-2009-1535 http://www.vupen.com/english/advisories/2009/1535 ADV-2009-2215 http://www.vupen.com/english/advisories/2009/2215 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html oval:org.mitre.oval:def:10577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577 oval:org.mitre.oval:def:5876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876 tomcat-requestdispatcher-info-disclosure(44156) https://exchange.xforce.ibmcloud.com/vulnerabilities/44156 Common Vulnerability Exposure (CVE) ID: CVE-2008-2938 1020665 http://www.securitytracker.com/id?1020665 20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability http://www.securityfocus.com/archive/1/495318/100/0/threaded 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities http://www.securityfocus.com/archive/1/507729/100/0/threaded 30633 http://www.securityfocus.com/bid/30633 37297 http://secunia.com/advisories/37297 4148 http://securityreason.com/securityalert/4148 6229 https://www.exploit-db.com/exploits/6229 ADV-2008-2343 http://www.vupen.com/english/advisories/2008/2343 VU#343355 http://www.kb.cert.org/vuls/id/343355 http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt oval:org.mitre.oval:def:10587 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587 tomcat-allowlinking-utf8-directory-traversal(44411) https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.