Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.68994
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 2160-1 (tomcat6)
Zusammenfassung:The remote host is missing an update to tomcat6;announced via advisory DSA 2160-1.
Beschreibung:Summary:
The remote host is missing an update to tomcat6
announced via advisory DSA 2160-1.

Vulnerability Insight:
Several vulnerabilities were discovered in the Tomcat Servlet and JSP
engine:

CVE-2010-3718

It was discovered that the SecurityManager insufficiently
restricted the working directory.

CVE-2011-0013

It was discovered that the HTML manager interface is affected
by cross-site scripting.

CVE-2011-0534

It was discovered that NIO connector performs insufficient
validation of the HTTP headers, which could lead to denial
of service.

The oldstable distribution (lenny) is not affected by these issues.

For the stable distribution (squeeze), this problem has been fixed in
version 6.0.28-9+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 6.0.28-10.

Solution:
We recommend that you upgrade your tomcat6 packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3718
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46177
http://www.securityfocus.com/bid/46177
Bugtraq: 20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions (Google Search)
http://www.securityfocus.com/archive/1/516211/100/0/threaded
Debian Security Information: DSA-2160 (Google Search)
http://www.debian.org/security/2011/dsa-2160
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02645
http://marc.info/?l=bugtraq&m=130168502603566&w=2
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://www.securitytracker.com/id?1025025
http://secunia.com/advisories/43192
http://secunia.com/advisories/45022
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8072
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
XForce ISS Database: tomcat-servletcontect-sec-bypass(65159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65159
Common Vulnerability Exposure (CVE) ID: CVE-2011-0013
BugTraq ID: 46174
http://www.securityfocus.com/bid/46174
Bugtraq: 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516209/30/90/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=675786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
http://www.securitytracker.com/id?1025026
http://securityreason.com/securityalert/8093
http://www.vupen.com/english/advisories/2011/0376
Common Vulnerability Exposure (CVE) ID: CVE-2011-0534
BugTraq ID: 46164
http://www.securityfocus.com/bid/46164
Bugtraq: 20110205 [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516214/100/0/threaded
http://osvdb.org/70809
http://www.securitytracker.com/id?1025027
http://securityreason.com/securityalert/8074
http://www.vupen.com/english/advisories/2011/0293
XForce ISS Database: tomcat-nio-connector-dos(65162)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.