Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0583

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67742

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0583

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0583.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to resolve this issue. Tomcat must be restarted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0583.html
http://www.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-5.html

Risk factor : High

CVSS Score:
6.4

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2227
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 41544
http://www.securityfocus.com/bid/41544
Bugtraq: 20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512272/100/0/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Debian Security Information: DSA-2207 (Google Search)
http://www.debian.org/security/2011/dsa-2207
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100203
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532
http://www.redhat.com/support/errata/RHSA-2010-0580.html
http://www.redhat.com/support/errata/RHSA-2010-0581.html
http://www.redhat.com/support/errata/RHSA-2010-0582.html
http://www.redhat.com/support/errata/RHSA-2010-0583.html
http://securitytracker.com/id?1024180
http://secunia.com/advisories/40813
http://secunia.com/advisories/41025
http://secunia.com/advisories/42079
http://secunia.com/advisories/42368
http://secunia.com/advisories/42454
http://secunia.com/advisories/43310
http://secunia.com/advisories/44183
http://secunia.com/advisories/57126
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.vupen.com/english/advisories/2010/1986
http://www.vupen.com/english/advisories/2010/2868
http://www.vupen.com/english/advisories/2010/3056
XForce ISS Database: tomcat-transferencoding-dos(60264)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60264

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67742
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0583
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0583. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially-crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to resolve this issue. Tomcat must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0583.html http://www.redhat.com/security/updates/classification/#important http://tomcat.apache.org/security-5.html Risk factor : High CVSS Score: 6.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2227 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 41544 http://www.securityfocus.com/bid/41544 Bugtraq: 20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (Google Search) http://www.securityfocus.com/archive/1/512272/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded Debian Security Information: DSA-2207 (Google Search) http://www.debian.org/security/2011/dsa-2207 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02579 http://marc.info/?l=bugtraq&m=129070310906557&w=2 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT100203 HPdes Security Advisory: SSRT101146 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:177 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532 http://www.redhat.com/support/errata/RHSA-2010-0580.html http://www.redhat.com/support/errata/RHSA-2010-0581.html http://www.redhat.com/support/errata/RHSA-2010-0582.html http://www.redhat.com/support/errata/RHSA-2010-0583.html http://securitytracker.com/id?1024180 http://secunia.com/advisories/40813 http://secunia.com/advisories/41025 http://secunia.com/advisories/42079 http://secunia.com/advisories/42368 http://secunia.com/advisories/42454 http://secunia.com/advisories/43310 http://secunia.com/advisories/44183 http://secunia.com/advisories/57126 SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://www.vupen.com/english/advisories/2010/1986 http://www.vupen.com/english/advisories/2010/2868 http://www.vupen.com/english/advisories/2010/3056 XForce ISS Database: tomcat-transferencoding-dos(60264) https://exchange.xforce.ibmcloud.com/vulnerabilities/60264
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com