Test ID:	1.3.6.1.4.1.25623.1.0.120725
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-736)
Summary:	The remote host is missing an update for the 'tomcat7, tomcat8' package(s) announced via the ALAS-2016-736 advisory.
Description:	Summary: The remote host is missing an update for the 'tomcat7, tomcat8' package(s) announced via the ALAS-2016-736 advisory. Vulnerability Insight: A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. Affected Software/OS: 'tomcat7, tomcat8' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3092 BugTraq ID: 91453 http://www.securityfocus.com/bid/91453 Debian Security Information: DSA-3609 (Google Search) http://www.debian.org/security/2016/dsa-3609 Debian Security Information: DSA-3611 (Google Search) http://www.debian.org/security/2016/dsa-3611 Debian Security Information: DSA-3614 (Google Search) http://www.debian.org/security/2016/dsa-3614 https://security.gentoo.org/glsa/201705-09 https://security.gentoo.org/glsa/202107-39 http://jvn.jp/en/jp/JVN89379547/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2016:2068 http://rhn.redhat.com/errata/RHSA-2016-2068.html RedHat Security Advisories: RHSA-2016:2069 http://rhn.redhat.com/errata/RHSA-2016-2069.html RedHat Security Advisories: RHSA-2016:2070 http://rhn.redhat.com/errata/RHSA-2016-2070.html RedHat Security Advisories: RHSA-2016:2071 http://rhn.redhat.com/errata/RHSA-2016-2071.html RedHat Security Advisories: RHSA-2016:2072 http://rhn.redhat.com/errata/RHSA-2016-2072.html RedHat Security Advisories: RHSA-2016:2599 http://rhn.redhat.com/errata/RHSA-2016-2599.html RedHat Security Advisories: RHSA-2016:2807 http://rhn.redhat.com/errata/RHSA-2016-2807.html RedHat Security Advisories: RHSA-2016:2808 http://rhn.redhat.com/errata/RHSA-2016-2808.html RedHat Security Advisories: RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0455 RedHat Security Advisories: RHSA-2017:0456 https://access.redhat.com/errata/RHSA-2017:0456 RedHat Security Advisories: RHSA-2017:0457 http://rhn.redhat.com/errata/RHSA-2017-0457.html http://www.securitytracker.com/id/1036427 http://www.securitytracker.com/id/1036900 http://www.securitytracker.com/id/1037029 http://www.securitytracker.com/id/1039606 SuSE Security Announcement: openSUSE-SU-2016:2252 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html http://www.ubuntu.com/usn/USN-3024-1 http://www.ubuntu.com/usn/USN-3027-1
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.