
Test ID: 1.3.6.1.4.1.25623.1.1.10.2016.0417
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0417)
Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2016-0417 advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2016-0417 advisory.

Vulnerability Insight:
The code that parsed the HTTP request line permitted invalid characters.
This could be exploited, in conjunction with a proxy that also
permitted the invalid characters but with a different interpretation, to
inject data into the HTTP response. By manipulating the HTTP response
the attacker could poison a web-cache, perform an XSS attack and/or
obtain sensitive information from requests other than their own
(CVE-2016-6816).

The JmxRemoteLifecycleListener was not updated to take account of
Oracle's fix for CVE-2016-3427. Therefore, Tomcat installations using
this listener remained vulnerable to a similar remote code execution
vulnerability. This issue has been rated as important rather than
critical due to the small number of installations using this listener
and that it would be highly unusual for the JMX ports to be accessible
to an attacker even when the listener is used (CVE-2016-8735).

Affected Software/OS:
'tomcat' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-6816
BugTraq ID: 94461
http://www.securityfocus.com/bid/94461
Debian Security Information: DSA-3738
http://www.debian.org/security/2016/dsa-3738
https://www.exploit-db.com/exploits/41783/
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2017:0244
http://rhn.redhat.com/errata/RHSA-2017-0244.html
RedHat Security Advisories: RHSA-2017:0245
http://rhn.redhat.com/errata/RHSA-2017-0245.html
RedHat Security Advisories: RHSA-2017:0246
http://rhn.redhat.com/errata/RHSA-2017-0246.html
RedHat Security Advisories: RHSA-2017:0247
http://rhn.redhat.com/errata/RHSA-2017-0247.html
RedHat Security Advisories: RHSA-2017:0250
http://rhn.redhat.com/errata/RHSA-2017-0250.html
RedHat Security Advisories: RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0455
RedHat Security Advisories: RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:0456
RedHat Security Advisories: RHSA-2017:0457
http://rhn.redhat.com/errata/RHSA-2017-0457.html
RedHat Security Advisories: RHSA-2017:0527
http://rhn.redhat.com/errata/RHSA-2017-0527.html
RedHat Security Advisories: RHSA-2017:0935
https://access.redhat.com/errata/RHSA-2017:0935
http://www.securitytracker.com/id/1037332
https://usn.ubuntu.com/4557-1/
Common Vulnerability Exposure (CVE) ID: CVE-2016-8735
BugTraq ID: 94463
http://www.securityfocus.com/bid/94463
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securitytracker.com/id/1037331
Copyright: Copyright (C) 2022 Greenbone AG
