Test ID:	1.3.6.1.4.1.25623.1.0.147043
Category:	Web Servers
Title:	Apache Tomcat 7.0.x < 7.0.29 Multiple Vulnerabilities - Linux
Summary:	Apache Tomcat is prone to multiple vulnerabilities.
Description:	Summary: Apache Tomcat is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2012-3544: Denial of service - CVE-2012-3439: DIGEST authentication weakness - CVE-2012-3546: Bypass of security constraints Affected Software/OS: Apache Tomcat version 7.0.x through 7.0.29. Solution: Update to version 7.0.30 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3544 BugTraq ID: 59797 http://www.securityfocus.com/bid/59797 BugTraq ID: 64758 http://www.securityfocus.com/bid/64758 Bugtraq: 20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded http://seclists.org/fulldisclosure/2014/Dec/23 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E http://www.ubuntu.com/usn/USN-1841-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3439 Common Vulnerability Exposure (CVE) ID: CVE-2012-3546 1027833 http://www.securitytracker.com/id?1027833 20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html 51984 http://secunia.com/advisories/51984 52054 http://secunia.com/advisories/52054 56812 http://www.securityfocus.com/bid/56812 57126 http://secunia.com/advisories/57126 HPSBMU02873 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878 HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 RHSA-2013:0004 http://rhn.redhat.com/errata/RHSA-2013-0004.html RHSA-2013:0005 http://rhn.redhat.com/errata/RHSA-2013-0005.html RHSA-2013:0146 http://rhn.redhat.com/errata/RHSA-2013-0146.html RHSA-2013:0147 http://rhn.redhat.com/errata/RHSA-2013-0147.html RHSA-2013:0151 http://rhn.redhat.com/errata/RHSA-2013-0151.html RHSA-2013:0157 http://rhn.redhat.com/errata/RHSA-2013-0157.html RHSA-2013:0158 http://rhn.redhat.com/errata/RHSA-2013-0158.html RHSA-2013:0162 http://rhn.redhat.com/errata/RHSA-2013-0162.html RHSA-2013:0163 http://rhn.redhat.com/errata/RHSA-2013-0163.html RHSA-2013:0164 http://rhn.redhat.com/errata/RHSA-2013-0164.html RHSA-2013:0191 http://rhn.redhat.com/errata/RHSA-2013-0191.html RHSA-2013:0192 http://rhn.redhat.com/errata/RHSA-2013-0192.html RHSA-2013:0193 http://rhn.redhat.com/errata/RHSA-2013-0193.html RHSA-2013:0194 http://rhn.redhat.com/errata/RHSA-2013-0194.html RHSA-2013:0195 http://rhn.redhat.com/errata/RHSA-2013-0195.html RHSA-2013:0196 http://rhn.redhat.com/errata/RHSA-2013-0196.html RHSA-2013:0197 http://rhn.redhat.com/errata/RHSA-2013-0197.html RHSA-2013:0198 http://rhn.redhat.com/errata/RHSA-2013-0198.html RHSA-2013:0221 http://rhn.redhat.com/errata/RHSA-2013-0221.html RHSA-2013:0235 http://rhn.redhat.com/errata/RHSA-2013-0235.html RHSA-2013:0623 http://rhn.redhat.com/errata/RHSA-2013-0623.html RHSA-2013:0640 http://rhn.redhat.com/errata/RHSA-2013-0640.html RHSA-2013:0641 http://rhn.redhat.com/errata/RHSA-2013-0641.html RHSA-2013:0642 http://rhn.redhat.com/errata/RHSA-2013-0642.html SSRT101139 SSRT101182 USN-1685-1 http://www.ubuntu.com/usn/USN-1685-1 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892 http://svn.apache.org/viewvc?view=revision&revision=1377892 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html openSUSE-SU-2012:1700 http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html openSUSE-SU-2012:1701 http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html openSUSE-SU-2013:0147 http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html oval:org.mitre.oval:def:19305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.