Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0648

The remote host is missing updates announced in
advisory RHSA-2008:0648.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.

An additional traversal vulnerability was discovered when the
allowLinking and URIEncoding settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-1232
BugTraq ID: 30496
BugTraq ID: 31681
Bugtraq: 20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability
Bugtraq: 20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
Bugtraq: 20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
HP Security Advisory: HPSBST02955
HP Security Advisory: HPSBUX02401
HP Security Advisory: SSRT090005
SuSE Security Announcement: SUSE-SR:2008:018
SuSE Security Announcement: SUSE-SR:2009:004
XForce ISS Database: tomcat-httpservletresponse-xss(44155)
Common Vulnerability Exposure (CVE) ID: CVE-2008-1947
BugTraq ID: 29502
Bugtraq: 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
Debian Security Information: DSA-1593
SuSE Security Announcement: SUSE-SR:2008:014
XForce ISS Database: apache-tomcat-hostmanager-xss(42816)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2370
BugTraq ID: 30494
Bugtraq: 20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability
XForce ISS Database: tomcat-requestdispatcher-info-disclosure(44156)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2938
BugTraq ID: 30633
Bugtraq: 20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
Bugtraq: 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities
CERT/CC vulnerability note: VU#343355
XForce ISS Database: tomcat-allowlinking-utf8-directory-traversal(44411)
Copyright: Copyright (c) 2008 E-Soft Inc.
