Test ID:	1.3.6.1.4.1.25623.1.0.58360
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1312-1)
Summary:	The remote host is missing an update for the Debian 'libapache-mod-jk' package(s) announced via the DSA-1312-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'libapache-mod-jk' package(s) announced via the DSA-1312-1 advisory. Vulnerability Insight: It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure. For the oldstable distribution (sarge) this problem has been fixed in version 1.2.5-2sarge1. An updated package for powerpc is not yet available due to problems with the build host. It will be provided later. For the stable distribution (etch) this problem has been fixed in version 1.2.18-3etch1. For the unstable distribution (sid) this problem has been fixed in version 1.2.23-1. We recommend that you upgrade your libapache-mod-jk package. Affected Software/OS: 'libapache-mod-jk' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1860 1018138 http://www.securitytracker.com/id?1018138 24147 http://www.securityfocus.com/bid/24147 25159 http://www.securityfocus.com/bid/25159 25383 http://secunia.com/advisories/25383 25701 http://secunia.com/advisories/25701 26235 http://secunia.com/advisories/26235 26512 http://secunia.com/advisories/26512 27037 http://secunia.com/advisories/27037 29242 http://secunia.com/advisories/29242 34877 http://www.osvdb.org/34877 ADV-2007-1941 http://www.vupen.com/english/advisories/2007/1941 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 ADV-2007-3386 http://www.vupen.com/english/advisories/2007/3386 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html DSA-1312 http://www.debian.org/security/2007/dsa-1312 GLSA-200708-15 http://security.gentoo.org/glsa/glsa-200708-15.xml HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 RHSA-2007:0379 http://www.redhat.com/support/errata/RHSA-2007-0379.html RHSA-2008:0261 http://www.redhat.com/support/errata/RHSA-2008-0261.html SSRT071447 SUSE-SR:2008:005 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E http://docs.info.apple.com/article.html?artnum=306172 http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 http://tomcat.apache.org/security-jk.html oval:org.mitre.oval:def:6002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002 tomcat-jkconnector-security-bypass(34496) https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.