ID de Prueba:	1.3.6.1.4.1.25623.1.0.62865
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0096
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0096. mod_jk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTTP Server 2. mod_jk was first distributed with Red Hat Application Stack version 1.1 released on 19 February 2007. A stack overflow flaw was found in the URI handler of mod_jk. A remote attacker could visit a carefully crafted URL being handled by mod_jk and trigger this flaw, which could lead to the execution of arbitrary code as the 'apache' user. (CVE-2007-0774) Users of mod_jk should upgrade to these updated packages, which contain a backported patch to correct this issue. Red Hat would like to thank TippingPoint and the Zero Day Initiative for reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0096.html http://www.redhat.com/security/updates/classification/#critical Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0774 BugTraq ID: 22791 http://www.securityfocus.com/bid/22791 Bugtraq: 20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/461734/100/0/threaded Cisco Security Advisory: 20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a008093f040.shtml http://www.gentoo.org/security/en/glsa/glsa-200703-16.xml HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 http://www.zerodayinitiative.com/advisories/ZDI-07-008.html https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5513 http://www.redhat.com/support/errata/RHSA-2007-0096.html http://securitytracker.com/id?1017719 http://secunia.com/advisories/24398 http://secunia.com/advisories/24558 http://secunia.com/advisories/27037 http://secunia.com/advisories/28711 http://www.vupen.com/english/advisories/2007/0809 http://www.vupen.com/english/advisories/2007/3386 http://www.vupen.com/english/advisories/2008/0331 XForce ISS Database: tomcat-mapuritoworker-bo(32794) https://exchange.xforce.ibmcloud.com/vulnerabilities/32794
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.