Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0150)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0150

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0150)

Resumen: The remote host is missing an update for the 'tomcat-native' package(s) announced via the MGASA-2018-0150 advisory.

Descripción: Summary:
The remote host is missing an update for the 'tomcat-native' package(s) announced via the MGASA-2018-0150 advisory.

Vulnerability Insight:
When parsing the AIA-Extension field of a client certificate, Apache
Tomcat Native did not correctly handle fields longer than 127 bytes. The
result of the parsing error was to skip the OCSP check. It was therefore
possible for client certificates that should have been rejected (if the
OCSP check had been made) to be accepted. Users not using OCSP checks
are not affected by this vulnerability (CVE-2017-15698).

Affected Software/OS:
'tomcat-native' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-15698
Debian Security Information: DSA-4118 (Google Search)
https://www.debian.org/security/2018/dsa-4118
https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/02/msg00011.html
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2018:0465
https://access.redhat.com/errata/RHSA-2018:0465
RedHat Security Advisories: RHSA-2018:0466
https://access.redhat.com/errata/RHSA-2018:0466
http://www.securitytracker.com/id/1040390

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0150
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0150)
Resumen:	The remote host is missing an update for the 'tomcat-native' package(s) announced via the MGASA-2018-0150 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tomcat-native' package(s) announced via the MGASA-2018-0150 advisory. Vulnerability Insight: When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability (CVE-2017-15698). Affected Software/OS: 'tomcat-native' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-15698 Debian Security Information: DSA-4118 (Google Search) https://www.debian.org/security/2018/dsa-4118 https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/02/msg00011.html https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0465 RedHat Security Advisories: RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:0466 http://www.securitytracker.com/id/1040390
Copyright	Copyright (C) 2022 Greenbone AG