Test ID: 1.3.6.1.4.1.25623.1.0.870525
Category: Red Hat Local Security Checks
Title: RedHat Update for tomcat5 RHSA-2011:1845-01
Summary: The remote host is missing an update for the 'tomcat5' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat5'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. A malicious web
application could use this flaw to conduct an XSS attack, leading to
arbitrary web script execution with the privileges of victims who are
logged into and viewing Manager application web pages. (CVE-2011-0013)

Multiple flaws were found in the way Tomcat handled HTTP DIGEST
authentication. These flaws weakened the Tomcat HTTP DIGEST authentication
implementation, subjecting it to some of the weaknesses of HTTP BASIC
authentication, for example, allowing remote attackers to perform session
replay attacks. (CVE-2011-1184)

A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception
occurred when creating a new user with a JMX client, that user's password
was logged to Tomcat log files. Note: By default, only administrators have
access to such log files. (CVE-2011-2204)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

Affected Software/OS:
tomcat5 on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-3718
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46177
http://www.securityfocus.com/bid/46177
Bugtraq: 20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
http://www.securityfocus.com/archive/1/516211/100/0/threaded
Debian Security Information: DSA-2160
http://www.debian.org/security/2011/dsa-2160
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02645
http://marc.info/?l=bugtraq&m=130168502603566&w=2
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://www.securitytracker.com/id?1025025
http://secunia.com/advisories/43192
http://secunia.com/advisories/45022
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8072
SuSE Security Announcement: SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
XForce ISS Database: tomcat-servletcontect-sec-bypass(65159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65159
Common Vulnerability Exposure (CVE) ID: CVE-2011-0013
BugTraq ID: 46174
http://www.securityfocus.com/bid/46174
Bugtraq: 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
http://www.securityfocus.com/archive/1/516209/30/90/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=675786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
http://www.securitytracker.com/id?1025026
http://securityreason.com/securityalert/8093
http://www.vupen.com/english/advisories/2011/0376
Common Vulnerability Exposure (CVE) ID: CVE-2011-1184
Debian Security Information: DSA-2401
http://www.debian.org/security/2012/dsa-2401
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: SSRT100825
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
RedHat Security Advisories: RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RedHat Security Advisories: RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RedHat Security Advisories: RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RedHat Security Advisories: RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RedHat Security Advisories: RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RedHat Security Advisories: RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
SuSE Security Announcement: SUSE-SU-2012:0155
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
SuSE Security Announcement: openSUSE-SU-2012:0208
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2204
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48456
http://www.securityfocus.com/bid/48456
http://www.osvdb.org/73429
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
http://securitytracker.com/id?1025712
http://secunia.com/advisories/44981
http://secunia.com/advisories/48308
XForce ISS Database: tomcat-jmx-info-disclosure(68238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
Copyright: Copyright (c) 2011 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.