Test ID:	1.3.6.1.4.1.25623.1.1.10.2023.0138
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2023-0138)
Summary:	The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2023-0138 advisory.
Description:	Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2023-0138 advisory. Vulnerability Insight: Information disclosure due to concurrency bug (CVE-2021-43980) Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability (CVE-2022-23181) Correct documentation to warn of use over untrusted networks. (CVE-2022-29885) Correct documentation showing use of XSS vulnerability. (CVE-2022-34305) Fix to reject invalid Content-Length header (CVE-2022-42252) Fix escaping of the type, message or description values. (CVE-2022-45143) Fix FileUpload limiting of the number of request parts to be processed to prevent the possibility of an attacker triggering a DoS (CVE-2023-24998) Fix setting of session cookie secure attribute when using RemoteIpFilter with X-Forwarded-Proto header set to https (CVE-2023-28708) Obsolete tomcat-jsvc Affected Software/OS: 'tomcat' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-43980 Debian Security Information: DSA-5265 (Google Search) https://www.debian.org/security/2022/dsa-5265 https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html http://www.openwall.com/lists/oss-security/2022/09/28/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-23181 https://security.netapp.com/advisory/ntap-20220217-0010/ https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-29885 https://security.netapp.com/advisory/ntap-20220629-0002/ http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv Common Vulnerability Exposure (CVE) ID: CVE-2022-34305 https://security.gentoo.org/glsa/202208-34 https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k http://www.openwall.com/lists/oss-security/2022/06/23/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-42252 https://security.gentoo.org/glsa/202305-37 https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq Common Vulnerability Exposure (CVE) ID: CVE-2022-45143 https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj Common Vulnerability Exposure (CVE) ID: CVE-2023-24998 Debian Security Information: DSA-5522 (Google Search) https://www.debian.org/security/2023/dsa-5522 https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html http://www.openwall.com/lists/oss-security/2023/05/22/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-28708 https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.