Test ID:	1.3.6.1.4.1.25623.1.0.835243
Category:	HP-UX Local Security Checks
Title:	HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
Summary:	The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory. Vulnerability Insight: Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Vulnerability Impact: Remote information disclosure Affected Software/OS: Apache Running Tomcat Servlet Engine on HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2227 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 41544 http://www.securityfocus.com/bid/41544 Bugtraq: 20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (Google Search) http://www.securityfocus.com/archive/1/512272/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded Debian Security Information: DSA-2207 (Google Search) http://www.debian.org/security/2011/dsa-2207 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02579 http://marc.info/?l=bugtraq&m=129070310906557&w=2 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT100203 HPdes Security Advisory: SSRT101146 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:177 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532 http://www.redhat.com/support/errata/RHSA-2010-0580.html http://www.redhat.com/support/errata/RHSA-2010-0581.html http://www.redhat.com/support/errata/RHSA-2010-0582.html http://www.redhat.com/support/errata/RHSA-2010-0583.html http://securitytracker.com/id?1024180 http://secunia.com/advisories/40813 http://secunia.com/advisories/41025 http://secunia.com/advisories/42079 http://secunia.com/advisories/42368 http://secunia.com/advisories/42454 http://secunia.com/advisories/43310 http://secunia.com/advisories/44183 http://secunia.com/advisories/57126 SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://www.vupen.com/english/advisories/2010/1986 http://www.vupen.com/english/advisories/2010/2868 http://www.vupen.com/english/advisories/2010/3056 XForce ISS Database: tomcat-transferencoding-dos(60264) https://exchange.xforce.ibmcloud.com/vulnerabilities/60264 Common Vulnerability Exposure (CVE) ID: CVE-2010-1157 20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability http://www.securityfocus.com/archive/1/510879/100/0/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX 39574 http://secunia.com/advisories/39574 39635 http://www.securityfocus.com/bid/39635 42368 43310 57126 ADV-2010-0980 http://www.vupen.com/english/advisories/2010/0980 ADV-2010-3056 APPLE-SA-2011-10-12-3 DSA-2207 HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPSBST02955 HPSBUX02579 HPSBUX02860 MDVSA-2010:176 MDVSA-2010:177 RHSA-2011:0896 http://www.redhat.com/support/errata/RHSA-2011-0896.html RHSA-2011:0897 http://www.redhat.com/support/errata/RHSA-2011-0897.html SSRT100203 SSRT100825 SSRT101146 SUSE-SR:2010:017 [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT5002 http://svn.apache.org/viewvc?view=revision&revision=936540 http://svn.apache.org/viewvc?view=revision&revision=936541 http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html oval:org.mitre.oval:def:19492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492 Common Vulnerability Exposure (CVE) ID: CVE-2009-0783 1022336 http://www.securitytracker.com/id?1022336 20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure http://www.securityfocus.com/archive/1/504090/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 263529 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1 35416 http://www.securityfocus.com/bid/35416 35685 http://secunia.com/advisories/35685 35788 http://secunia.com/advisories/35788 37460 http://secunia.com/advisories/37460 ADV-2009-1856 http://www.vupen.com/english/advisories/2009/1856 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html FEDORA-2009-11352 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html FEDORA-2009-11356 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html FEDORA-2009-11374 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 MDVSA-2009:136 http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 MDVSA-2009:138 http://www.mandriva.com/security/advisories?name=MDVSA-2009:138 SSRT100029 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT4077 http://svn.apache.org/viewvc?rev=652592&view=rev http://svn.apache.org/viewvc?rev=681156&view=rev http://svn.apache.org/viewvc?rev=739522&view=rev http://svn.apache.org/viewvc?rev=781542&view=rev http://svn.apache.org/viewvc?rev=781708&view=rev http://tomcat.apache.org/security-4.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 oval:org.mitre.oval:def:10716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716 oval:org.mitre.oval:def:18913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913 oval:org.mitre.oval:def:6450 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450 tomcat-xml-information-disclosure(51195) https://exchange.xforce.ibmcloud.com/vulnerabilities/51195 Common Vulnerability Exposure (CVE) ID: CVE-2009-0781 20090306 [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application http://www.securityfocus.com/archive/1/501538/100/0/threaded oval:org.mitre.oval:def:11041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041 oval:org.mitre.oval:def:19345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345 oval:org.mitre.oval:def:6564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564 tomcat-cal2-xss(49213) https://exchange.xforce.ibmcloud.com/vulnerabilities/49213 Common Vulnerability Exposure (CVE) ID: CVE-2009-0580 1022332 http://securitytracker.com/id?1022332 20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504045/100/0/threaded 20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504108/100/0/threaded 20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication http://www.securityfocus.com/archive/1/504125/100/0/threaded 35196 http://www.securityfocus.com/bid/35196 35326 http://secunia.com/advisories/35326 35344 http://secunia.com/advisories/35344 ADV-2009-1496 http://www.vupen.com/english/advisories/2009/1496 http://svn.apache.org/viewvc?rev=747840&view=rev http://svn.apache.org/viewvc?rev=781379&view=rev http://svn.apache.org/viewvc?rev=781382&view=rev oval:org.mitre.oval:def:18915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915 oval:org.mitre.oval:def:6628 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628 oval:org.mitre.oval:def:9101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101 tomcat-jsecuritycheck-info-disclosure(50930) https://exchange.xforce.ibmcloud.com/vulnerabilities/50930 Common Vulnerability Exposure (CVE) ID: CVE-2009-0033 1022331 http://securitytracker.com/id?1022331 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector http://www.securityfocus.com/archive/1/504044/100/0/threaded 35193 http://www.securityfocus.com/bid/35193 JVN#87272440 http://jvn.jp/en/jp/JVN87272440/index.html http://svn.apache.org/viewvc?rev=742915&view=rev http://svn.apache.org/viewvc?rev=781362&view=rev oval:org.mitre.oval:def:10231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231 oval:org.mitre.oval:def:19110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110 oval:org.mitre.oval:def:5739 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739 tomcat-ajp-dos(50928) https://exchange.xforce.ibmcloud.com/vulnerabilities/50928 Common Vulnerability Exposure (CVE) ID: CVE-2008-5515 20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability http://www.securityfocus.com/archive/1/504170/100/0/threaded 20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability http://www.securityfocus.com/archive/1/504202/100/0/threaded 35263 http://www.securityfocus.com/bid/35263 35393 http://secunia.com/advisories/35393 39317 http://secunia.com/advisories/39317 44183 ADV-2009-1520 http://www.vupen.com/english/advisories/2009/1520 ADV-2009-1535 http://www.vupen.com/english/advisories/2009/1535 JVN#63832775 http://jvn.jp/en/jp/JVN63832775/index.html SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html oval:org.mitre.oval:def:10422 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422 oval:org.mitre.oval:def:19452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452 oval:org.mitre.oval:def:6445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.