Test ID:	1.3.6.1.4.1.25623.1.0.840574
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1048-1)
Summary:	The remote host is missing an update for the 'tomcat6' package(s) announced via the USN-1048-1 advisory.
Description:	Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the USN-1048-1 advisory. Vulnerability Insight: It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Affected Software/OS: 'tomcat6' package(s) on Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4172 1024764 http://securitytracker.com/id?1024764 20101122 [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html http://www.securityfocus.com/archive/1/514866/100/0/threaded 42337 http://secunia.com/advisories/42337 43019 http://secunia.com/advisories/43019 45015 http://www.securityfocus.com/bid/45015 45022 http://secunia.com/advisories/45022 57126 http://secunia.com/advisories/57126 ADV-2010-3047 http://www.vupen.com/english/advisories/2010/3047 ADV-2011-0203 http://www.vupen.com/english/advisories/2011/0203 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 RHSA-2011:0791 http://www.redhat.com/support/errata/RHSA-2011-0791.html RHSA-2011:0896 http://www.redhat.com/support/errata/RHSA-2011-0896.html RHSA-2011:0897 http://www.redhat.com/support/errata/RHSA-2011-0897.html USN-1048-1 http://www.ubuntu.com/usn/USN-1048-1 http://support.apple.com/kb/HT5002 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html http://svn.apache.org/viewvc?view=revision&revision=1037778 http://svn.apache.org/viewvc?view=revision&revision=1037779 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html https://bugzilla.redhat.com/show_bug.cgi?id=656246 tomcat-sessionlist-xss(63422) https://exchange.xforce.ibmcloud.com/vulnerabilities/63422
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.