ID de Prueba:	1.3.6.1.4.1.25623.1.0.64582
Categoría:	CentOS Local Security Checks
Título:	CentOS Security Advisory CESA-2009:1164 (tomcat)
Resumen:	The remote host is missing updates to tomcat announced in;advisory CESA-2009:1164.
Descripción:	Summary: The remote host is missing updates to tomcat announced in advisory CESA-2009:1164. Vulnerability Insight: For details on the issues addressed in this update, please visit the referenced security advisories. Solution: Update the appropriate packages on your system. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5333 20080208 [SECURITY] CVE-2007-5333: Tomcat Cookie handling vulnerabilities http://www.securityfocus.com/archive/1/487822/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 27706 http://www.securityfocus.com/bid/27706 28878 http://secunia.com/advisories/28878 28884 http://secunia.com/advisories/28884 28915 http://secunia.com/advisories/28915 29711 http://secunia.com/advisories/29711 30676 http://secunia.com/advisories/30676 30802 http://secunia.com/advisories/30802 31681 http://www.securityfocus.com/bid/31681 32036 http://secunia.com/advisories/32036 32222 http://secunia.com/advisories/32222 33330 http://secunia.com/advisories/33330 3636 http://securityreason.com/securityalert/3636 37460 http://secunia.com/advisories/37460 44183 http://secunia.com/advisories/44183 57126 http://secunia.com/advisories/57126 ADV-2008-0488 http://www.vupen.com/english/advisories/2008/0488 ADV-2008-1856 http://www.vupen.com/english/advisories/2008/1856/references ADV-2008-1981 http://www.vupen.com/english/advisories/2008/1981/references ADV-2008-2690 http://www.vupen.com/english/advisories/2008/2690 ADV-2008-2780 http://www.vupen.com/english/advisories/2008/2780 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2008-06-30 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html APPLE-SA-2008-10-09 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html FEDORA-2008-1467 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html FEDORA-2008-1603 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html GLSA-200804-10 http://security.gentoo.org/glsa/glsa-200804-10.xml HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 IZ20133 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20133 IZ20991 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20991 JVN#09470767 http://jvn.jp/jp/JVN%2309470767/index.html MDVSA-2009:018 http://www.mandriva.com/security/advisories?name=MDVSA-2009:018 MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT2163 http://support.apple.com/kb/HT3216 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www-01.ibm.com/support/docview.wss?uid=swg24018932 http://www-01.ibm.com/support/docview.wss?uid=swg27012047 http://www-01.ibm.com/support/docview.wss?uid=swg27012048 http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html http://www.vmware.com/security/advisories/VMSA-2008-0010.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://bugzilla.redhat.com/show_bug.cgi?id=532111 oval:org.mitre.oval:def:11177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177 Common Vulnerability Exposure (CVE) ID: CVE-2008-5515 20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability http://www.securityfocus.com/archive/1/504170/100/0/threaded 20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability http://www.securityfocus.com/archive/1/504202/100/0/threaded 263529 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1 35263 http://www.securityfocus.com/bid/35263 35393 http://secunia.com/advisories/35393 35685 http://secunia.com/advisories/35685 35788 http://secunia.com/advisories/35788 39317 http://secunia.com/advisories/39317 42368 http://secunia.com/advisories/42368 ADV-2009-1520 http://www.vupen.com/english/advisories/2009/1520 ADV-2009-1535 http://www.vupen.com/english/advisories/2009/1535 ADV-2009-1856 http://www.vupen.com/english/advisories/2009/1856 ADV-2010-3056 http://www.vupen.com/english/advisories/2010/3056 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-2207 http://www.debian.org/security/2011/dsa-2207 FEDORA-2009-11352 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html FEDORA-2009-11356 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html FEDORA-2009-11374 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 HPSBUX02579 http://marc.info/?l=bugtraq&m=129070310906557&w=2 HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 JVN#63832775 http://jvn.jp/en/jp/JVN63832775/index.html MDVSA-2009:136 http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 MDVSA-2009:138 http://www.mandriva.com/security/advisories?name=MDVSA-2009:138 SSRT100029 SSRT100203 SSRT101146 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://support.apple.com/kb/HT4077 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html oval:org.mitre.oval:def:10422 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422 oval:org.mitre.oval:def:19452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452 oval:org.mitre.oval:def:6445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445 Common Vulnerability Exposure (CVE) ID: CVE-2009-0033 1022331 http://securitytracker.com/id?1022331 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector http://www.securityfocus.com/archive/1/504044/100/0/threaded 35193 http://www.securityfocus.com/bid/35193 35326 http://secunia.com/advisories/35326 35344 http://secunia.com/advisories/35344 ADV-2009-1496 http://www.vupen.com/english/advisories/2009/1496 HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 JVN#87272440 http://jvn.jp/en/jp/JVN87272440/index.html SSRT100825 http://svn.apache.org/viewvc?rev=742915&view=rev http://svn.apache.org/viewvc?rev=781362&view=rev oval:org.mitre.oval:def:10231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231 oval:org.mitre.oval:def:19110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110 oval:org.mitre.oval:def:5739 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739 tomcat-ajp-dos(50928) https://exchange.xforce.ibmcloud.com/vulnerabilities/50928 Common Vulnerability Exposure (CVE) ID: CVE-2009-0580 1022332 http://securitytracker.com/id?1022332 20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504045/100/0/threaded 20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504108/100/0/threaded 20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504125/100/0/threaded 35196 http://www.securityfocus.com/bid/35196 http://svn.apache.org/viewvc?rev=747840&view=rev http://svn.apache.org/viewvc?rev=781379&view=rev http://svn.apache.org/viewvc?rev=781382&view=rev oval:org.mitre.oval:def:18915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915 oval:org.mitre.oval:def:6628 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628 oval:org.mitre.oval:def:9101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101 tomcat-jsecuritycheck-info-disclosure(50930) https://exchange.xforce.ibmcloud.com/vulnerabilities/50930 Common Vulnerability Exposure (CVE) ID: CVE-2009-0781 20090306 [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application http://www.securityfocus.com/archive/1/501538/100/0/threaded oval:org.mitre.oval:def:11041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041 oval:org.mitre.oval:def:19345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345 oval:org.mitre.oval:def:6564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564 tomcat-cal2-xss(49213) https://exchange.xforce.ibmcloud.com/vulnerabilities/49213 Common Vulnerability Exposure (CVE) ID: CVE-2009-0783 1022336 http://www.securitytracker.com/id?1022336 20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure http://www.securityfocus.com/archive/1/504090/100/0/threaded 35416 http://www.securityfocus.com/bid/35416 http://svn.apache.org/viewvc?rev=652592&view=rev http://svn.apache.org/viewvc?rev=681156&view=rev http://svn.apache.org/viewvc?rev=739522&view=rev http://svn.apache.org/viewvc?rev=781542&view=rev http://svn.apache.org/viewvc?rev=781708&view=rev https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 oval:org.mitre.oval:def:10716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716 oval:org.mitre.oval:def:18913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913 oval:org.mitre.oval:def:6450 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450 tomcat-xml-information-disclosure(51195) https://exchange.xforce.ibmcloud.com/vulnerabilities/51195
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.