ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0138
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0138)
Resumen:	The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2023-0138 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2023-0138 advisory. Vulnerability Insight: Information disclosure due to concurrency bug (CVE-2021-43980) Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability (CVE-2022-23181) Correct documentation to warn of use over untrusted networks. (CVE-2022-29885) Correct documentation showing use of XSS vulnerability. (CVE-2022-34305) Fix to reject invalid Content-Length header (CVE-2022-42252) Fix escaping of the type, message or description values. (CVE-2022-45143) Fix FileUpload limiting of the number of request parts to be processed to prevent the possibility of an attacker triggering a DoS (CVE-2023-24998) Fix setting of session cookie secure attribute when using RemoteIpFilter with X-Forwarded-Proto header set to https (CVE-2023-28708) Obsolete tomcat-jsvc Affected Software/OS: 'tomcat' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-43980 Debian Security Information: DSA-5265 (Google Search) https://www.debian.org/security/2022/dsa-5265 https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html http://www.openwall.com/lists/oss-security/2022/09/28/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-23181 https://security.netapp.com/advisory/ntap-20220217-0010/ https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-29885 https://security.netapp.com/advisory/ntap-20220629-0002/ http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv Common Vulnerability Exposure (CVE) ID: CVE-2022-34305 https://security.gentoo.org/glsa/202208-34 https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k http://www.openwall.com/lists/oss-security/2022/06/23/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-42252 https://security.gentoo.org/glsa/202305-37 https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq Common Vulnerability Exposure (CVE) ID: CVE-2022-45143 https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj Common Vulnerability Exposure (CVE) ID: CVE-2023-24998 Debian Security Information: DSA-5522 (Google Search) https://www.debian.org/security/2023/dsa-5522 https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html http://www.openwall.com/lists/oss-security/2023/05/22/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-28708 https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.