Test ID:	1.3.6.1.4.1.25623.1.0.123666
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2013-0623)
Summary:	The remote host is missing an update for the 'tomcat6' package(s) announced via the ELSA-2013-0623 advisory.
Description:	Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the ELSA-2013-0623 advisory. Vulnerability Insight: [0:6.0.24-52] - Related: rhbz 882010 rhbz 883692 rhbz 883705 - Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate - to avoid building on ppc64, ppc, and x390x. [0:6.0.24-50] - Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 - three DIGEST authentication issues - Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using - SSL NIO sendfile - Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints Affected Software/OS: 'tomcat6' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3546 1027833 http://www.securitytracker.com/id?1027833 20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html 51984 http://secunia.com/advisories/51984 52054 http://secunia.com/advisories/52054 56812 http://www.securityfocus.com/bid/56812 57126 http://secunia.com/advisories/57126 HPSBMU02873 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878 HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 RHSA-2013:0004 http://rhn.redhat.com/errata/RHSA-2013-0004.html RHSA-2013:0005 http://rhn.redhat.com/errata/RHSA-2013-0005.html RHSA-2013:0146 http://rhn.redhat.com/errata/RHSA-2013-0146.html RHSA-2013:0147 http://rhn.redhat.com/errata/RHSA-2013-0147.html RHSA-2013:0151 http://rhn.redhat.com/errata/RHSA-2013-0151.html RHSA-2013:0157 http://rhn.redhat.com/errata/RHSA-2013-0157.html RHSA-2013:0158 http://rhn.redhat.com/errata/RHSA-2013-0158.html RHSA-2013:0162 http://rhn.redhat.com/errata/RHSA-2013-0162.html RHSA-2013:0163 http://rhn.redhat.com/errata/RHSA-2013-0163.html RHSA-2013:0164 http://rhn.redhat.com/errata/RHSA-2013-0164.html RHSA-2013:0191 http://rhn.redhat.com/errata/RHSA-2013-0191.html RHSA-2013:0192 http://rhn.redhat.com/errata/RHSA-2013-0192.html RHSA-2013:0193 http://rhn.redhat.com/errata/RHSA-2013-0193.html RHSA-2013:0194 http://rhn.redhat.com/errata/RHSA-2013-0194.html RHSA-2013:0195 http://rhn.redhat.com/errata/RHSA-2013-0195.html RHSA-2013:0196 http://rhn.redhat.com/errata/RHSA-2013-0196.html RHSA-2013:0197 http://rhn.redhat.com/errata/RHSA-2013-0197.html RHSA-2013:0198 http://rhn.redhat.com/errata/RHSA-2013-0198.html RHSA-2013:0221 http://rhn.redhat.com/errata/RHSA-2013-0221.html RHSA-2013:0235 http://rhn.redhat.com/errata/RHSA-2013-0235.html RHSA-2013:0623 http://rhn.redhat.com/errata/RHSA-2013-0623.html RHSA-2013:0640 http://rhn.redhat.com/errata/RHSA-2013-0640.html RHSA-2013:0641 http://rhn.redhat.com/errata/RHSA-2013-0641.html RHSA-2013:0642 http://rhn.redhat.com/errata/RHSA-2013-0642.html SSRT101139 SSRT101182 USN-1685-1 http://www.ubuntu.com/usn/USN-1685-1 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892 http://svn.apache.org/viewvc?view=revision&revision=1377892 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html openSUSE-SU-2012:1700 http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html openSUSE-SU-2012:1701 http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html openSUSE-SU-2013:0147 http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html oval:org.mitre.oval:def:19305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305 Common Vulnerability Exposure (CVE) ID: CVE-2012-4534 1027836 http://www.securitytracker.com/id?1027836 20121204 CVE-2012-4534 Apache Tomcat denial of service http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html 56813 http://www.securityfocus.com/bid/56813 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218 http://svn.apache.org/viewvc?view=revision&revision=1340218 https://issues.apache.org/bugzilla/show_bug.cgi?id=52858 openSUSE-SU-2013:0161 http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html openSUSE-SU-2013:0170 http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html openSUSE-SU-2013:0192 http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html oval:org.mitre.oval:def:19398 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398 Common Vulnerability Exposure (CVE) ID: CVE-2012-5885 BugTraq ID: 56403 http://www.securityfocus.com/bid/56403 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: HPSBUX02866 HPdes Security Advisory: SSRT101139 HPdes Security Advisory: SSRT101146 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432 RedHat Security Advisories: RHSA-2013:0623 RedHat Security Advisories: RHSA-2013:0629 http://rhn.redhat.com/errata/RHSA-2013-0629.html RedHat Security Advisories: RHSA-2013:0631 http://rhn.redhat.com/errata/RHSA-2013-0631.html RedHat Security Advisories: RHSA-2013:0632 http://rhn.redhat.com/errata/RHSA-2013-0632.html RedHat Security Advisories: RHSA-2013:0633 http://rhn.redhat.com/errata/RHSA-2013-0633.html RedHat Security Advisories: RHSA-2013:0640 RedHat Security Advisories: RHSA-2013:0647 http://rhn.redhat.com/errata/RHSA-2013-0647.html RedHat Security Advisories: RHSA-2013:0648 http://rhn.redhat.com/errata/RHSA-2013-0648.html RedHat Security Advisories: RHSA-2013:0726 http://rhn.redhat.com/errata/RHSA-2013-0726.html http://secunia.com/advisories/51371 SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search) SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search) SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search) http://www.ubuntu.com/usn/USN-1637-1 XForce ISS Database: tomcat-replay-security-bypass(80408) https://exchange.xforce.ibmcloud.com/vulnerabilities/80408 Common Vulnerability Exposure (CVE) ID: CVE-2012-5886 XForce ISS Database: tomcat-http-Digest-security-bypass(80407) https://exchange.xforce.ibmcloud.com/vulnerabilities/80407 Common Vulnerability Exposure (CVE) ID: CVE-2012-5887 XForce ISS Database: tomcat-digest-security-bypass(79809) https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.