ID de Prueba:	1.3.6.1.4.1.25623.1.0.882434
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for tomcat6 CESA-2016:0492 centos6
Resumen:	Check the version of tomcat6
Descripción:	Summary: Check the version of tomcat6 Vulnerability Insight: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810) This update also fixes the following bug: * Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs. (BZ#1301646) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. Affected Software/OS: tomcat6 on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7810 BugTraq ID: 74665 http://www.securityfocus.com/bid/74665 Debian Security Information: DSA-3428 (Google Search) http://www.debian.org/security/2015/dsa-3428 Debian Security Information: DSA-3447 (Google Search) http://www.debian.org/security/2016/dsa-3447 Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 HPdes Security Advisory: HPSBUX03561 http://marc.info/?l=bugtraq&m=145974991225029&w=2 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2015:1621 http://rhn.redhat.com/errata/RHSA-2015-1621.html RedHat Security Advisories: RHSA-2015:1622 http://rhn.redhat.com/errata/RHSA-2015-1622.html RedHat Security Advisories: RHSA-2016:0492 http://rhn.redhat.com/errata/RHSA-2016-0492.html RedHat Security Advisories: RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.securitytracker.com/id/1032330 http://www.ubuntu.com/usn/USN-2654-1 http://www.ubuntu.com/usn/USN-2655-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.