
Test ID: 1.3.6.1.4.1.25623.1.0.61518
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0648
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0648.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
allowLinking and URIencoding settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0648.html
http://www.redhat.com/security/updates/classification/#important

Risk factor: Medium

CVSS Score: 5.0

Cross references: Common Vulnerability Exposure (CVE) ID: CVE-2008-1232
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 30496
http://www.securityfocus.com/bid/30496
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability
http://www.securityfocus.com/archive/1/495021/100/0/threaded
Bugtraq: 20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
http://www.securityfocus.com/archive/1/504351/100/0/threaded
Bugtraq: 20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management
http://www.securityfocus.com/archive/1/505556/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: SSRT090005
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.securitytracker.com/id?1020622
http://secunia.com/advisories/31379
http://secunia.com/advisories/31381
http://secunia.com/advisories/31639
http://secunia.com/advisories/31865
http://secunia.com/advisories/31891
http://secunia.com/advisories/31982
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/33797
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/35474
http://secunia.com/advisories/36108
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/4098
SuSE Security Announcement: SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2008/2305
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/0503
http://www.vupen.com/english/advisories/2009/1609
http://www.vupen.com/english/advisories/2009/2194
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: tomcat-httpservletresponse-xss(44155)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
Common Vulnerability Exposure (CVE) ID: CVE-2008-1947
BugTraq ID: 29502
http://www.securityfocus.com/bid/29502
Bugtraq: 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
http://www.securityfocus.com/archive/1/492958/100/0/threaded
Debian Security Information: DSA-1593
http://www.debian.org/security/2008/dsa-1593
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
http://www.securitytracker.com/id?1020624
http://secunia.com/advisories/30500
http://secunia.com/advisories/30592
http://secunia.com/advisories/30967
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.vupen.com/english/advisories/2008/1725
XForce ISS Database: apache-tomcat-hostmanager-xss(42816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
Common Vulnerability Exposure (CVE) ID: CVE-2008-2370
BugTraq ID: 30494
http://www.securityfocus.com/bid/30494
Bugtraq: 20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/495022/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
http://www.securitytracker.com/id?1020623
http://secunia.com/advisories/35393
http://secunia.com/advisories/36249
http://securityreason.com/securityalert/4099
http://www.vupen.com/english/advisories/2009/1535
http://www.vupen.com/english/advisories/2009/2215
XForce ISS Database: tomcat-requestdispatcher-info-disclosure(44156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
Common Vulnerability Exposure (CVE) ID: CVE-2008-2938
BugTraq ID: 30633
http://www.securityfocus.com/bid/30633
Bugtraq: 20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
http://www.securityfocus.com/archive/1/495318/100/0/threaded
Bugtraq: 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/507729/100/0/threaded
CERT/CC vulnerability note: VU#343355
http://www.kb.cert.org/vuls/id/343355
https://www.exploit-db.com/exploits/6229
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
http://www.securitytracker.com/id?1020665
http://secunia.com/advisories/37297
http://securityreason.com/securityalert/4148
http://www.vupen.com/english/advisories/2008/2343
XForce ISS Database: tomcat-allowlinking-utf8-directory-traversal(44411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 81291 vulnerability tests in our test package. Find out more about our complete security checks.

© 1998-2020 E-Soft Inc. All rights reserved.