Test ID:	1.3.6.1.4.1.25623.1.0.841222
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1637-1)
Summary:	The remote host is missing an update for the 'tomcat6' package(s) announced via the USN-1637-1 advisory.
Description:	Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the USN-1637-1 advisory. Vulnerability Insight: It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733) It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887) Affected Software/OS: 'tomcat6' package(s) on Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2733 BugTraq ID: 56402 http://www.securityfocus.com/bid/56402 HPdes Security Advisory: HPSBMU02873 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 HPdes Security Advisory: SSRT101182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218 http://www.securitytracker.com/id?1027729 http://secunia.com/advisories/51371 http://secunia.com/advisories/57126 SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://www.ubuntu.com/usn/USN-1637-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-5885 BugTraq ID: 56403 http://www.securityfocus.com/bid/56403 HPdes Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 HPdes Security Advisory: SSRT101146 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432 RedHat Security Advisories: RHSA-2013:0623 http://rhn.redhat.com/errata/RHSA-2013-0623.html RedHat Security Advisories: RHSA-2013:0629 http://rhn.redhat.com/errata/RHSA-2013-0629.html RedHat Security Advisories: RHSA-2013:0631 http://rhn.redhat.com/errata/RHSA-2013-0631.html RedHat Security Advisories: RHSA-2013:0632 http://rhn.redhat.com/errata/RHSA-2013-0632.html RedHat Security Advisories: RHSA-2013:0633 http://rhn.redhat.com/errata/RHSA-2013-0633.html RedHat Security Advisories: RHSA-2013:0640 http://rhn.redhat.com/errata/RHSA-2013-0640.html RedHat Security Advisories: RHSA-2013:0647 http://rhn.redhat.com/errata/RHSA-2013-0647.html RedHat Security Advisories: RHSA-2013:0648 http://rhn.redhat.com/errata/RHSA-2013-0648.html RedHat Security Advisories: RHSA-2013:0726 http://rhn.redhat.com/errata/RHSA-2013-0726.html XForce ISS Database: tomcat-replay-security-bypass(80408) https://exchange.xforce.ibmcloud.com/vulnerabilities/80408 Common Vulnerability Exposure (CVE) ID: CVE-2012-5886 XForce ISS Database: tomcat-http-Digest-security-bypass(80407) https://exchange.xforce.ibmcloud.com/vulnerabilities/80407 Common Vulnerability Exposure (CVE) ID: CVE-2012-5887 XForce ISS Database: tomcat-digest-security-bypass(79809) https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.