English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.70718
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 2401-1 (tomcat6)
Zusammenfassung:The remote host is missing an update to tomcat6;announced via advisory DSA 2401-1.
Beschreibung:Summary:
The remote host is missing an update to tomcat6
announced via advisory DSA 2401-1.

Vulnerability Insight:
Several vulnerabilities have been found in Tomcat, a servlet and JSP
engine:

CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064

The HTTP Digest Access Authentication implementation performed
insufficient countermeasures against replay attacks.

CVE-2011-2204

In rare setups passwords were written into a logfile.

CVE-2011-2526

Missing input sanisiting in the HTTP APR or HTTP NIO connectors
could lead to denial of service.

CVE-2011-3190

AJP requests could be spoofed in some setups.

CVE-2011-3375

Incorrect request caching could lead to information disclosure.

CVE-2011-4858 CVE-2012-0022

This update adds countermeasures against a collision denial of
service vulnerability in the Java hashtable implementation and
addresses denial of service potentials when processing large
amounts of requests.

For the stable distribution (squeeze), this problem has been fixed in
version 6.0.35-1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 6.0.35-1.

Solution:
We recommend that you upgrade your tomcat6 packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1184
Debian Security Information: DSA-2401 (Google Search)
http://www.debian.org/security/2012/dsa-2401
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
http://www.redhat.com/support/errata/RHSA-2011-1845.html
RedHat Security Advisories: RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RedHat Security Advisories: RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RedHat Security Advisories: RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RedHat Security Advisories: RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RedHat Security Advisories: RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RedHat Security Advisories: RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://secunia.com/advisories/57126
SuSE Security Announcement: SUSE-SU-2012:0155 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
SuSE Security Announcement: openSUSE-SU-2012:0208 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2204
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48456
http://www.securityfocus.com/bid/48456
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: SSRT100627
http://www.osvdb.org/73429
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
http://securitytracker.com/id?1025712
http://secunia.com/advisories/44981
http://secunia.com/advisories/48308
XForce ISS Database: tomcat-jmx-info-disclosure(68238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
Common Vulnerability Exposure (CVE) ID: CVE-2011-2526
BugTraq ID: 48667
http://www.securityfocus.com/bid/48667
Bugtraq: 20110713 [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/518889/100/0/threaded
http://osvdb.org/73797
http://osvdb.org/73798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
http://www.securitytracker.com/id?1025788
http://secunia.com/advisories/45232
XForce ISS Database: tomcat-sendfile-info-disclosure(68541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
Common Vulnerability Exposure (CVE) ID: CVE-2011-3190
BugTraq ID: 49353
http://www.securityfocus.com/bid/49353
Bugtraq: 20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure (Google Search)
http://www.securityfocus.com/archive/1/519466/100/0/threaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
http://www.securitytracker.com/id?1025993
http://secunia.com/advisories/45748
http://secunia.com/advisories/49094
http://securityreason.com/securityalert/8362
XForce ISS Database: tomcat-ajp-security-bypass(69472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
Common Vulnerability Exposure (CVE) ID: CVE-2011-3375
Common Vulnerability Exposure (CVE) ID: CVE-2011-4858
BugTraq ID: 51200
http://www.securityfocus.com/bid/51200
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
HPdes Security Advisory: HPSBMU02747
http://marc.info/?l=bugtraq&m=133294394108746&w=2
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100771
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
RedHat Security Advisories: RHSA-2012:0089
http://rhn.redhat.com/errata/RHSA-2012-0089.html
RedHat Security Advisories: RHSA-2012:0406
http://rhn.redhat.com/errata/RHSA-2012-0406.html
http://secunia.com/advisories/48549
http://secunia.com/advisories/48790
http://secunia.com/advisories/48791
http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
Common Vulnerability Exposure (CVE) ID: CVE-2011-5062
Common Vulnerability Exposure (CVE) ID: CVE-2011-5063
Common Vulnerability Exposure (CVE) ID: CVE-2011-5064
Common Vulnerability Exposure (CVE) ID: CVE-2012-0022
BugTraq ID: 51447
http://www.securityfocus.com/bid/51447
Bugtraq: 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:085
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934
RedHat Security Advisories: RHSA-2012:0345
http://rhn.redhat.com/errata/RHSA-2012-0345.html
RedHat Security Advisories: RHSA-2012:1331
http://rhn.redhat.com/errata/RHSA-2012-1331.html
http://secunia.com/advisories/48213
http://secunia.com/advisories/50863
XForce ISS Database: apache-tomcat-parameter-dos(72425)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72425
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.