ID de Prueba:	1.3.6.1.4.1.25623.1.0.69219
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0335
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0335. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially-crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug: * A bug in the tomcat6 init script prevented additional Tomcat instances from starting. As well, running service tomcat6 start caused configuration options applied from /etc/sysconfig/tomcat6 to be overwritten with those from /etc/tomcat6/tomcat6.conf. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0335.html http://tomcat.apache.org/security-6.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4476 AIX APAR: IZ94423 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423 AIX APAR: PM31983 http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983 Debian Security Information: DSA-2161 (Google Search) http://www.debian.org/security/2011/dsa-2161 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMA02642 http://marc.info/?l=bugtraq&m=130514352726432&w=2 HPdes Security Advisory: HPSBMU02690 http://marc.info/?l=bugtraq&m=131041767210772&w=2 HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBNS02633 http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475 HPdes Security Advisory: HPSBOV02634 http://marc.info/?l=bugtraq&m=130497132406206&w=2 HPdes Security Advisory: HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPdes Security Advisory: HPSBTU02684 http://marc.info/?l=bugtraq&m=130497185606818&w=2 HPdes Security Advisory: HPSBUX02633 http://marc.info/?l=bugtraq&m=129899347607632&w=2 HPdes Security Advisory: HPSBUX02641 http://marc.info/?l=bugtraq&m=129960314701922&w=2 HPdes Security Advisory: HPSBUX02642 http://marc.info/?l=bugtraq&m=130270785502599&w=2 HPdes Security Advisory: HPSBUX02645 http://marc.info/?l=bugtraq&m=130168502603566&w=2 HPdes Security Advisory: HPSBUX02725 http://marc.info/?l=bugtraq&m=132215163318824&w=2 HPdes Security Advisory: HPSBUX02777 http://marc.info/?l=bugtraq&m=133728004526190&w=2 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT100387 HPdes Security Advisory: SSRT100390 HPdes Security Advisory: SSRT100412 HPdes Security Advisory: SSRT100415 HPdes Security Advisory: SSRT100569 HPdes Security Advisory: SSRT100627 HPdes Security Advisory: SSRT100825 HPdes Security Advisory: SSRT100854 HPdes Security Advisory: SSRT100867 HPdes Security Advisory: SSRT101146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 http://blog.fortify.com/blog/2011/02/08/Double-Trouble http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493 http://www.redhat.com/support/errata/RHSA-2011-0210.html http://www.redhat.com/support/errata/RHSA-2011-0211.html http://www.redhat.com/support/errata/RHSA-2011-0212.html http://www.redhat.com/support/errata/RHSA-2011-0213.html http://www.redhat.com/support/errata/RHSA-2011-0214.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0333.html http://www.redhat.com/support/errata/RHSA-2011-0334.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://www.securitytracker.com/id?1025062 http://secunia.com/advisories/43048 http://secunia.com/advisories/43280 http://secunia.com/advisories/43295 http://secunia.com/advisories/43304 http://secunia.com/advisories/43333 http://secunia.com/advisories/43378 http://secunia.com/advisories/43400 http://secunia.com/advisories/43659 http://secunia.com/advisories/44954 http://secunia.com/advisories/45022 http://secunia.com/advisories/45555 http://secunia.com/advisories/49198 SuSE Security Announcement: SUSE-SA:2011:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html SuSE Security Announcement: SUSE-SU-2011:0823 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://www.vupen.com/english/advisories/2011/0365 http://www.vupen.com/english/advisories/2011/0377 http://www.vupen.com/english/advisories/2011/0379 http://www.vupen.com/english/advisories/2011/0422 http://www.vupen.com/english/advisories/2011/0434 http://www.vupen.com/english/advisories/2011/0605 Common Vulnerability Exposure (CVE) ID: CVE-2011-0534 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 46164 http://www.securityfocus.com/bid/46164 Bugtraq: 20110205 [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (Google Search) http://www.securityfocus.com/archive/1/516214/100/0/threaded Debian Security Information: DSA-2160 (Google Search) http://www.debian.org/security/2011/dsa-2160 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://osvdb.org/70809 http://www.securitytracker.com/id?1025027 http://secunia.com/advisories/43192 http://secunia.com/advisories/57126 http://securityreason.com/securityalert/8074 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.vupen.com/english/advisories/2011/0293 XForce ISS Database: tomcat-nio-connector-dos(65162) https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.