English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2018.0479
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2018-0479)
Summary:The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2018-0479 advisory.
Description:Summary:
The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2018-0479 advisory.

Vulnerability Insight:
An improper handing of overflow in the UTF-8 decoder with supplementary
characters can lead to an infinite loop in the decoder causing a Denial
of Service (CVE-2018-1336).

The defaults settings for the CORS filter are insecure and enable
supportsCredentials for all origins. It is expected that users of the
CORS filter will have configured it appropriately for their environment
rather than using it in the default configuration. Therefore, it is
expected that most users will not be impacted by this issue
(CVE-2018-8014).

The host name verification when using TLS with the WebSocket client was
missing. It is now enabled by default (CVE-2018-8034).

When the default servlet returned a redirect to a directory (e.g.
redirecting to /foo/ when the user requested /foo) a specially crafted
URL could be used to cause the redirect to be generated to any URI of
the attackers choice (CVE-2018-11784).

Affected Software/OS:
'tomcat' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-11784
BugTraq ID: 105524
http://www.securityfocus.com/bid/105524
Bugtraq: 20191229 [SECURITY] [DSA 4596-1] tomcat8 security update (Google Search)
https://seclists.org/bugtraq/2019/Dec/43
Debian Security Information: DSA-4596 (Google Search)
https://www.debian.org/security/2019/dsa-4596
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/
http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2019:0130
https://access.redhat.com/errata/RHSA-2019:0130
RedHat Security Advisories: RHSA-2019:0131
https://access.redhat.com/errata/RHSA-2019:0131
RedHat Security Advisories: RHSA-2019:0485
https://access.redhat.com/errata/RHSA-2019:0485
RedHat Security Advisories: RHSA-2019:1529
https://access.redhat.com/errata/RHSA-2019:1529
SuSE Security Announcement: openSUSE-SU-2019:1547 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
SuSE Security Announcement: openSUSE-SU-2019:1814 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
https://usn.ubuntu.com/3787-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1336
BugTraq ID: 104898
http://www.securityfocus.com/bid/104898
Debian Security Information: DSA-4281 (Google Search)
https://www.debian.org/security/2018/dsa-4281
https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
RedHat Security Advisories: RHEA-2018:2188
https://access.redhat.com/errata/RHEA-2018:2188
RedHat Security Advisories: RHEA-2018:2189
https://access.redhat.com/errata/RHEA-2018:2189
RedHat Security Advisories: RHSA-2018:2700
https://access.redhat.com/errata/RHSA-2018:2700
RedHat Security Advisories: RHSA-2018:2701
https://access.redhat.com/errata/RHSA-2018:2701
RedHat Security Advisories: RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2740
RedHat Security Advisories: RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2741
RedHat Security Advisories: RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2742
RedHat Security Advisories: RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2743
RedHat Security Advisories: RHSA-2018:2921
https://access.redhat.com/errata/RHSA-2018:2921
RedHat Security Advisories: RHSA-2018:2930
https://access.redhat.com/errata/RHSA-2018:2930
RedHat Security Advisories: RHSA-2018:2939
https://access.redhat.com/errata/RHSA-2018:2939
RedHat Security Advisories: RHSA-2018:2945
https://access.redhat.com/errata/RHSA-2018:2945
RedHat Security Advisories: RHSA-2018:3768
https://access.redhat.com/errata/RHSA-2018:3768
http://www.securitytracker.com/id/1041375
https://usn.ubuntu.com/3723-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8014
BugTraq ID: 104203
http://www.securityfocus.com/bid/104203
https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
RedHat Security Advisories: RHSA-2018:2469
https://access.redhat.com/errata/RHSA-2018:2469
RedHat Security Advisories: RHSA-2018:2470
https://access.redhat.com/errata/RHSA-2018:2470
RedHat Security Advisories: RHSA-2019:0450
https://access.redhat.com/errata/RHSA-2019:0450
RedHat Security Advisories: RHSA-2019:0451
https://access.redhat.com/errata/RHSA-2019:0451
RedHat Security Advisories: RHSA-2019:2205
https://access.redhat.com/errata/RHSA-2019:2205
http://www.securitytracker.com/id/1040998
http://www.securitytracker.com/id/1041888
https://usn.ubuntu.com/3665-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8034
BugTraq ID: 104895
http://www.securityfocus.com/bid/104895
https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E
RedHat Security Advisories: RHSA-2019:1159
https://access.redhat.com/errata/RHSA-2019:1159
RedHat Security Advisories: RHSA-2019:1160
https://access.redhat.com/errata/RHSA-2019:1160
RedHat Security Advisories: RHSA-2019:1161
https://access.redhat.com/errata/RHSA-2019:1161
RedHat Security Advisories: RHSA-2019:1162
https://access.redhat.com/errata/RHSA-2019:1162
RedHat Security Advisories: RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3892
http://www.securitytracker.com/id/1041374
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.