Test ID: | 1.3.6.1.4.1.25623.1.1.12.2024.7106.1 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-7106-1) |
Summary: | The remote host is missing an update for the 'tomcat9' package(s) announced via the USN-7106-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'tomcat9' package(s) announced via the USN-7106-1 advisory.

Vulnerability Insight:

It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. (CVE-2023-28708)

It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks. (CVE-2023-41080)

It was discovered that Tomcat incorrectly recycled certain objects, which could lead to information leaking from one request to the next. An attacker could potentially use this issue to leak sensitive information. (CVE-2023-42795)

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling. (CVE-2023-45648)

It was discovered that Tomcat incorrectly handled socket cleanup, which could lead to websocket connections staying open. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-23672)

Affected Software/OS: 'tomcat9' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04.

Solution: Please install the updated package(s).

CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-28708
https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

Common Vulnerability Exposure (CVE) ID: CVE-2023-41080
Debian Security Information: DSA-5521
https://www.debian.org/security/2023/dsa-5521
Debian Security Information: DSA-5522
https://www.debian.org/security/2023/dsa-5522
https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html

Common Vulnerability Exposure (CVE) ID: CVE-2023-42795
https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
http://www.openwall.com/lists/oss-security/2023/10/10/9

Common Vulnerability Exposure (CVE) ID: CVE-2023-45648
https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
http://www.openwall.com/lists/oss-security/2023/10/10/10

Common Vulnerability Exposure (CVE) ID: CVE-2024-23672
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B/
https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
http://www.openwall.com/lists/oss-security/2024/03/13/4 |
Copyright | Copyright (C) 2024 Greenbone AG |