Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Update for tomcat5 RHSA-2011:1845-01
Summary: The remote host is missing an update for the 'tomcat5' package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. A malicious web
application could use this flaw to conduct an XSS attack, leading to
arbitrary web script execution with the privileges of victims who are
logged into and viewing Manager application web pages. (CVE-2011-0013)

Multiple flaws were found in the way Tomcat handled HTTP DIGEST
authentication. These flaws weakened the Tomcat HTTP DIGEST authentication
implementation, subjecting it to some of the weaknesses of HTTP BASIC
authentication, for example, allowing remote attackers to perform session
replay attacks. (CVE-2011-1184)

A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception
occurred when creating a new user with a JMX client, that user's password
was logged to Tomcat log files. Note: By default, only administrators have
access to such log files. (CVE-2011-2204)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

Affected Software/OS:
tomcat5 on Red Hat Enterprise Linux (v. 5 server)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3718
BugTraq ID: 46177
Bugtraq: 20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions
Debian Security Information: DSA-2160
HPdes Security Advisory: HPSBST02955
HPdes Security Advisory: HPSBUX02645
HPdes Security Advisory: HPSBUX02725
HPdes Security Advisory: HPSBUX02860
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: SSRT101146
SuSE Security Announcement: SUSE-SR:2011:005
XForce ISS Database: tomcat-servletcontect-sec-bypass(65159)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0013
BugTraq ID: 46174
Bugtraq: 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
Common Vulnerability Exposure (CVE) ID: CVE-2011-1184
Debian Security Information: DSA-2401
HPdes Security Advisory: HPSBOV02762
HPdes Security Advisory: SSRT100825
RedHat Security Advisories: RHSA-2012:0074
RedHat Security Advisories: RHSA-2012:0075
RedHat Security Advisories: RHSA-2012:0076
RedHat Security Advisories: RHSA-2012:0077
RedHat Security Advisories: RHSA-2012:0078
RedHat Security Advisories: RHSA-2012:0325
SuSE Security Announcement: SUSE-SU-2012:0155
SuSE Security Announcement: openSUSE-SU-2012:0208
Common Vulnerability Exposure (CVE) ID: CVE-2011-2204
BugTraq ID: 48456
XForce ISS Database: tomcat-jmx-info-disclosure(68238)
Copyright: Copyright (c) 2011 Greenbone Networks GmbH