English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.62885
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2008:0862
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0862.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)

A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
allowLinking and URIencoding settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0862.html
http://tomcat.apache.org/security-5.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.4

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-5342
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 27006
http://www.securityfocus.com/bid/27006
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open (Google Search)
http://www.securityfocus.com/archive/1/485481/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1447 (Google Search)
http://www.debian.org/security/2008/dsa-1447
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
http://security.gentoo.org/glsa/glsa-200804-10.xml
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://svn.apache.org/viewvc?view=rev&revision=606594
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/39833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0831.html
http://www.redhat.com/support/errata/RHSA-2008-0832.html
http://www.redhat.com/support/errata/RHSA-2008-0833.html
http://www.redhat.com/support/errata/RHSA-2008-0834.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://secunia.com/advisories/28274
http://secunia.com/advisories/28317
http://secunia.com/advisories/28915
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/30676
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/3485
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2008/0013
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: apache-juli-logging-weak-security(39201)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
Common Vulnerability Exposure (CVE) ID: CVE-2007-5461
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
BugTraq ID: 26070
http://www.securityfocus.com/bid/26070
Debian Security Information: DSA-1453 (Google Search)
http://www.debian.org/security/2008/dsa-1453
https://www.exploit-db.com/exploits/4530
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://marc.info/?l=full-disclosure&m=119239530508382
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://issues.apache.org/jira/browse/GERONIMO-3549
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
http://www.redhat.com/support/errata/RHSA-2008-0261.html
RedHat Security Advisories: RHSA-2008:0630
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://www.securitytracker.com/id?1018864
http://secunia.com/advisories/27398
http://secunia.com/advisories/27446
http://secunia.com/advisories/27481
http://secunia.com/advisories/27727
http://secunia.com/advisories/28361
http://secunia.com/advisories/29242
http://secunia.com/advisories/30802
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/31493
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2007/3622
http://www.vupen.com/english/advisories/2007/3671
http://www.vupen.com/english/advisories/2007/3674
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1981/references
XForce ISS Database: apache-tomcat-webdav-dir-traversal(37243)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
Common Vulnerability Exposure (CVE) ID: CVE-2008-1232
BugTraq ID: 30496
http://www.securityfocus.com/bid/30496
Bugtraq: 20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495021/100/0/threaded
Bugtraq: 20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504351/100/0/threaded
Bugtraq: 20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management (Google Search)
http://www.securityfocus.com/archive/1/505556/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: SSRT090005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.securitytracker.com/id?1020622
http://secunia.com/advisories/31379
http://secunia.com/advisories/31381
http://secunia.com/advisories/31639
http://secunia.com/advisories/31865
http://secunia.com/advisories/31891
http://secunia.com/advisories/31982
http://secunia.com/advisories/33797
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/35474
http://secunia.com/advisories/36108
http://securityreason.com/securityalert/4098
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.vupen.com/english/advisories/2008/2305
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/0503
http://www.vupen.com/english/advisories/2009/1609
http://www.vupen.com/english/advisories/2009/2194
XForce ISS Database: tomcat-httpservletresponse-xss(44155)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
Common Vulnerability Exposure (CVE) ID: CVE-2008-1947
BugTraq ID: 29502
http://www.securityfocus.com/bid/29502
Bugtraq: 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/492958/100/0/threaded
Debian Security Information: DSA-1593 (Google Search)
http://www.debian.org/security/2008/dsa-1593
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
http://www.securitytracker.com/id?1020624
http://secunia.com/advisories/30500
http://secunia.com/advisories/30592
http://secunia.com/advisories/30967
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.vupen.com/english/advisories/2008/1725
XForce ISS Database: apache-tomcat-hostmanager-xss(42816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
Common Vulnerability Exposure (CVE) ID: CVE-2008-2370
BugTraq ID: 30494
http://www.securityfocus.com/bid/30494
Bugtraq: 20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495022/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
http://www.securitytracker.com/id?1020623
http://secunia.com/advisories/35393
http://secunia.com/advisories/36249
http://securityreason.com/securityalert/4099
http://www.vupen.com/english/advisories/2009/1535
http://www.vupen.com/english/advisories/2009/2215
XForce ISS Database: tomcat-requestdispatcher-info-disclosure(44156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
Common Vulnerability Exposure (CVE) ID: CVE-2008-2938
BugTraq ID: 30633
http://www.securityfocus.com/bid/30633
Bugtraq: 20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495318/100/0/threaded
Bugtraq: 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/507729/100/0/threaded
CERT/CC vulnerability note: VU#343355
http://www.kb.cert.org/vuls/id/343355
https://www.exploit-db.com/exploits/6229
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
http://www.securitytracker.com/id?1020665
http://secunia.com/advisories/37297
http://securityreason.com/securityalert/4148
http://www.vupen.com/english/advisories/2008/2343
XForce ISS Database: tomcat-allowlinking-utf8-directory-traversal(44411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.