ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0312
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0312)
Resumen:	The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2016-0312 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2016-0312 advisory. Vulnerability Insight: Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an 'httpoxy' issue (CVE-2016-5388). Affected Software/OS: 'tomcat' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5388 1036331 http://www.securitytracker.com/id/1036331 91818 http://www.securityfocus.com/bid/91818 RHSA-2016:1624 http://rhn.redhat.com/errata/RHSA-2016-1624.html RHSA-2016:1635 https://access.redhat.com/errata/RHSA-2016:1635 RHSA-2016:1636 https://access.redhat.com/errata/RHSA-2016:1636 RHSA-2016:2045 http://rhn.redhat.com/errata/RHSA-2016-2045.html RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html VU#797896 http://www.kb.cert.org/vuls/id/797896 [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E [activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries. https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E [activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E [debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html [tomcat-users] 20200813 CVE reporting discrepencies https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E [tomcat-users] 20200813 Re: CVE reporting discrepencies https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E [tomcat-users] 20200814 Re: CVE reporting discrepencies https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://httpoxy.org/ https://tomcat.apache.org/tomcat-7.0-doc/changelog.html https://www.apache.org/security/asf-httpoxy-response.txt openSUSE-SU-2016:2252 http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.