Test Kennung:	1.3.6.1.4.1.25623.1.0.703447
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3447-1 (tomcat7 - security update)
Zusammenfassung:	It was discovered that malicious web;applications could use the Expression Language to bypass protections of a Security;Manager as expressions were evaluated within a privileged code section.
Beschreibung:	Summary: It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. Affected Software/OS: tomcat7 on Debian Linux Solution: For the oldstable distribution (wheezy), this problem has been fixed in version 7.0.28-4+deb7u3. This update also provides fixes for CVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and CVE-2014-0230, which were all fixed for the stable distribution (jessie) already. For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 7.0.61-1. For the unstable distribution (sid), this problem has been fixed in version 7.0.61-1. We recommend that you upgrade your tomcat7 packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4444 BugTraq ID: 69728 http://www.securityfocus.com/bid/69728 Bugtraq: 20140910 CVE-2013-4444 Remote Code Execution in Apache Tomcat (Google Search) http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html Debian Security Information: DSA-3447 (Google Search) http://www.debian.org/security/2016/dsa-3447 http://seclists.org/fulldisclosure/2021/Jan/23 HPdes Security Advisory: HPSBOV03503 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://openwall.com/lists/oss-security/2014/10/24/12 http://www.securitytracker.com/id/1030834 Common Vulnerability Exposure (CVE) ID: CVE-2014-0075 BugTraq ID: 67671 http://www.securityfocus.com/bid/67671 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html http://seclists.org/fulldisclosure/2014/Dec/23 HPdes Security Advisory: HPSBUX03102 http://marc.info/?l=bugtraq&m=141017844705317&w=2 HPdes Security Advisory: HPSBUX03150 http://marc.info/?l=bugtraq&m=141390017113542&w=2 HPdes Security Advisory: SSRT101681 http://www.mandriva.com/security/advisories?name=MDVSA-2015:052 http://www.mandriva.com/security/advisories?name=MDVSA-2015:053 http://www.mandriva.com/security/advisories?name=MDVSA-2015:084 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html http://secunia.com/advisories/59121 http://secunia.com/advisories/59616 http://secunia.com/advisories/59678 http://secunia.com/advisories/59732 http://secunia.com/advisories/59835 http://secunia.com/advisories/59849 http://secunia.com/advisories/59873 http://secunia.com/advisories/60729 http://secunia.com/advisories/60793 Common Vulnerability Exposure (CVE) ID: CVE-2014-0099 BugTraq ID: 67668 http://www.securityfocus.com/bid/67668 Bugtraq: 20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure (Google Search) http://www.securityfocus.com/archive/1/532221/100/0/threaded Bugtraq: 20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure (Google Search) http://www.securityfocus.com/archive/1/532218/100/0/threaded http://seclists.org/fulldisclosure/2014/May/140 http://seclists.org/fulldisclosure/2014/May/138 http://www.securitytracker.com/id/1030302 Common Vulnerability Exposure (CVE) ID: CVE-2014-0227 BugTraq ID: 72717 http://www.securityfocus.com/bid/72717 Bugtraq: 20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling (Google Search) http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: HPSBUX03341 http://marc.info/?l=bugtraq&m=143393515412274&w=2 HPdes Security Advisory: SSRT102066 HPdes Security Advisory: SSRT102068 RedHat Security Advisories: RHSA-2015:0983 http://rhn.redhat.com/errata/RHSA-2015-0983.html RedHat Security Advisories: RHSA-2015:0991 http://rhn.redhat.com/errata/RHSA-2015-0991.html http://www.securitytracker.com/id/1032791 http://www.ubuntu.com/usn/USN-2654-1 http://www.ubuntu.com/usn/USN-2655-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-0230 BugTraq ID: 74475 http://www.securityfocus.com/bid/74475 HPdes Security Advisory: HPSBUX03561 http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://openwall.com/lists/oss-security/2015/04/10/1 http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E RedHat Security Advisories: RHSA-2015:1621 http://rhn.redhat.com/errata/RHSA-2015-1621.html RedHat Security Advisories: RHSA-2015:1622 http://rhn.redhat.com/errata/RHSA-2015-1622.html RedHat Security Advisories: RHSA-2015:2659 https://access.redhat.com/errata/RHSA-2015:2659 RedHat Security Advisories: RHSA-2015:2660 https://access.redhat.com/errata/RHSA-2015:2660 RedHat Security Advisories: RHSA-2015:2661 http://rhn.redhat.com/errata/RHSA-2015-2661.html RedHat Security Advisories: RHSA-2016:0595 http://rhn.redhat.com/errata/RHSA-2016-0595.html RedHat Security Advisories: RHSA-2016:0596 http://rhn.redhat.com/errata/RHSA-2016-0596.html RedHat Security Advisories: RHSA-2016:0597 http://rhn.redhat.com/errata/RHSA-2016-0597.html RedHat Security Advisories: RHSA-2016:0598 http://rhn.redhat.com/errata/RHSA-2016-0598.html RedHat Security Advisories: RHSA-2016:0599 http://rhn.redhat.com/errata/RHSA-2016-0599.html Common Vulnerability Exposure (CVE) ID: CVE-2014-7810 BugTraq ID: 74665 http://www.securityfocus.com/bid/74665 Debian Security Information: DSA-3428 (Google Search) http://www.debian.org/security/2015/dsa-3428 RedHat Security Advisories: RHSA-2016:0492 http://rhn.redhat.com/errata/RHSA-2016-0492.html RedHat Security Advisories: RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.securitytracker.com/id/1032330
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.