Description: The remote host is missing an update to tomcat6 announced via advisory FEDORA-2011-13457.
Update Information:
Fixes for:
CVE-2011-3190 - authentication bypass and information disclosure
CVE-2011-2526 - send file validation
CVE-2011-2204 - password disclosure vulnerability
JAVA_HOME setting in tomcat6.conf
CVE-2011-0534, CVE-2011-0013, CVE-2010-3718
References:
[ 1 ] Bug #738502 - CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=738502
[ 2 ] Bug #640134 - Issues with setting JAVA_HOME https://bugzilla.redhat.com/show_bug.cgi?id=640134
[ 3 ] Bug #721087 - CVE-2011-2526 tomcat5, tomcat6: Certain server files exposure and JVM crash via crafted web application running under security manager [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=721087
[ 4 ] Bug #717016 - CVE-2011-2204 tomcat: password disclosure vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=717016
[ 5 ] Bug #701037 - bad symbolic links created for tomcat-juli jar https://bugzilla.redhat.com/show_bug.cgi?id=701037
[ 6 ] Bug #675794 - CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=675794
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update tomcat6' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-13457
Risk factor : High