Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.70534
Kategorie:Fedora Local Security Checks
Titel:Fedora Core 14 FEDORA-2011-13457 (tomcat6)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to tomcat6
announced via advisory FEDORA-2011-13457.

Update Information:

Fixes for:
CVE-2011-3190 - authentication bypass and information disclosure
CVE-2011-2526 - send file validation
CVE-2011-2204 - password disclosure vulnerability
JAVA_HOME setting in tomcat6.conf

CVE-2011-0534, CVE-2011-0013, CVE-2010-3718

References:

[ 1 ] Bug #738502 - CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=738502
[ 2 ] Bug #640134 - Issues with setting JAVA_HOME
https://bugzilla.redhat.com/show_bug.cgi?id=640134
[ 3 ] Bug #721087 - CVE-2011-2526 tomcat5, tomcat6: Certain server files exposure and JVM crash via crafted web application running under security manager [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=721087
[ 4 ] Bug #717016 - CVE-2011-2204 tomcat: password disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=717016
[ 5 ] Bug #701037 - bad symbolic links created for tomcat-juli jar
https://bugzilla.redhat.com/show_bug.cgi?id=701037
[ 6 ] Bug #675794 - CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=675794

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update tomcat6' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-13457

Risk factor : High

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3190
BugTraq ID: 49353
http://www.securityfocus.com/bid/49353
Bugtraq: 20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure (Google Search)
http://www.securityfocus.com/archive/1/519466/100/0/threaded
Debian Security Information: DSA-2401 (Google Search)
http://www.debian.org/security/2012/dsa-2401
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
http://www.securitytracker.com/id?1025993
http://secunia.com/advisories/45748
http://secunia.com/advisories/48308
http://secunia.com/advisories/49094
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8362
XForce ISS Database: tomcat-ajp-security-bypass(69472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
Common Vulnerability Exposure (CVE) ID: CVE-2011-2526
BugTraq ID: 48667
http://www.securityfocus.com/bid/48667
Bugtraq: 20110713 [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/518889/100/0/threaded
http://osvdb.org/73797
http://osvdb.org/73798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
RedHat Security Advisories: RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RedHat Security Advisories: RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RedHat Security Advisories: RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RedHat Security Advisories: RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RedHat Security Advisories: RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RedHat Security Advisories: RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://www.securitytracker.com/id?1025788
http://secunia.com/advisories/45232
XForce ISS Database: tomcat-sendfile-info-disclosure(68541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
Common Vulnerability Exposure (CVE) ID: CVE-2011-2204
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48456
http://www.securityfocus.com/bid/48456
http://www.osvdb.org/73429
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
http://www.redhat.com/support/errata/RHSA-2011-1845.html
http://securitytracker.com/id?1025712
http://secunia.com/advisories/44981
XForce ISS Database: tomcat-jmx-info-disclosure(68238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
Common Vulnerability Exposure (CVE) ID: CVE-2011-0534
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46164
http://www.securityfocus.com/bid/46164
Bugtraq: 20110205 [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516214/100/0/threaded
Debian Security Information: DSA-2160 (Google Search)
http://www.debian.org/security/2011/dsa-2160
http://osvdb.org/70809
http://www.securitytracker.com/id?1025027
http://secunia.com/advisories/43192
http://secunia.com/advisories/45022
http://securityreason.com/securityalert/8074
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.vupen.com/english/advisories/2011/0293
XForce ISS Database: tomcat-nio-connector-dos(65162)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
Common Vulnerability Exposure (CVE) ID: CVE-2011-0013
BugTraq ID: 46174
http://www.securityfocus.com/bid/46174
Bugtraq: 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516209/30/90/threaded
HPdes Security Advisory: HPSBUX02645
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030
https://bugzilla.redhat.com/show_bug.cgi?id=675786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269
http://www.redhat.com/support/errata/RHSA-2011-0791.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securitytracker.com/id?1025026
http://securityreason.com/securityalert/8093
http://www.vupen.com/english/advisories/2011/0376
Common Vulnerability Exposure (CVE) ID: CVE-2010-3718
BugTraq ID: 46177
http://www.securityfocus.com/bid/46177
Bugtraq: 20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions (Google Search)
http://www.securityfocus.com/archive/1/516211/100/0/threaded
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379
http://www.securitytracker.com/id?1025025
http://securityreason.com/securityalert/8072
XForce ISS Database: tomcat-servletcontect-sec-bypass(65159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65159
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.