ID de Prueba:	1.3.6.1.4.1.25623.1.0.62870
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0379
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0379. mod_jk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTTP Server 2. mod_jk was first distributed with Red Hat Application Stack version 1.1 released on 19 February 2007. Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content (CVE-2007-1860). Users of mod_jk should upgrade to these updated packages, which address this issue by changing the default so mod_jk forwards the original unchanged request URL to Tomcat. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0379.html http://www.redhat.com/security/updates/classification/#important Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1860 1018138 http://www.securitytracker.com/id?1018138 24147 http://www.securityfocus.com/bid/24147 25159 http://www.securityfocus.com/bid/25159 25383 http://secunia.com/advisories/25383 25701 http://secunia.com/advisories/25701 26235 http://secunia.com/advisories/26235 26512 http://secunia.com/advisories/26512 27037 http://secunia.com/advisories/27037 29242 http://secunia.com/advisories/29242 34877 http://www.osvdb.org/34877 ADV-2007-1941 http://www.vupen.com/english/advisories/2007/1941 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 ADV-2007-3386 http://www.vupen.com/english/advisories/2007/3386 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html DSA-1312 http://www.debian.org/security/2007/dsa-1312 GLSA-200708-15 http://security.gentoo.org/glsa/glsa-200708-15.xml HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 RHSA-2007:0379 http://www.redhat.com/support/errata/RHSA-2007-0379.html RHSA-2008:0261 http://www.redhat.com/support/errata/RHSA-2008-0261.html SSRT071447 SUSE-SR:2008:005 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E http://docs.info.apple.com/article.html?artnum=306172 http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 http://tomcat.apache.org/security-jk.html oval:org.mitre.oval:def:6002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002 tomcat-jkconnector-security-bypass(34496) https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.