
Test ID: 1.3.6.1.4.1.25623.1.1.10.2021.0485
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2021-0485)
Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2021-0485 advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2021-0485 advisory.

Vulnerability Insight:
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
authenticate using variations of a valid user name and/or to bypass some
of the protection provided by the LockOut Realm. (CVE-2021-30640)

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66
did not correctly parse the HTTP transfer-encoding request header in some
circumstances, leading to the possibility of request smuggling when used
with a reverse proxy. Specifically:
- Tomcat incorrectly ignored the transfer-encoding header if the client
  declared it would only accept an HTTP/1.0 response,
- Tomcat honoured the identity encoding, and
- Tomcat did not ensure that, if present, the chunked encoding was the
  final encoding. (CVE-2021-33037)

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2
did not properly validate incoming TLS packets. When Tomcat was configured
to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet
could be used to trigger an infinite loop resulting in a denial of service.
(CVE-2021-41079)

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5,
10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a
memory leak. The object introduced to collect metrics for HTTP upgrade
connections was not released for WebSocket connections once the
connection was closed. This created a memory leak that, over time, could
lead to a denial of service via an OutOfMemoryError. (CVE-2021-42340)

Affected Software/OS:
'tomcat' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2021-30640
https://security.netapp.com/advisory/ntap-20210827-0007/
Debian Security Information: DSA-4952
https://www.debian.org/security/2021/dsa-4952
Debian Security Information: DSA-4986
https://www.debian.org/security/2021/dsa-4986
https://security.gentoo.org/glsa/202208-34
https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-33037
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3Ccommits.tomee.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2021-41079
https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html
https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a@%3Cusers.tomcat.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2021-42340
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
https://security.netapp.com/advisory/ntap-20211104-0001/
Debian Security Information: DSA-5009
https://www.debian.org/security/2021/dsa-5009
https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.