
Test ID: 1.3.6.1.4.1.25623.1.0.851455
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)
Summary: The remote host is missing an update for the 'tomcat' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for Tomcat provides the following fixes:

Feature changes:

The embedded Apache Commons DBCP component was updated to version 2.0.
(bsc#1010893 fate#321029)

Security fixes:

- CVE-2016-0762: Realm Timing Attack (bsc#1007854)

- CVE-2016-5018: Security Manager Bypass (bsc#1007855)

- CVE-2016-6794: System Property Disclosure (bsc#1007857)

- CVE-2016-6796: Manager Bypass (bsc#1007858)

- CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)

- CVE-2016-8735: Remote code execution vulnerability in
JmxRemoteLifecycleListener (bsc#1011805)

- CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting
invalid character in HTTP requests (bsc#1011812)

Bugs fixed:

- Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter().
(bsc#974407)

- Fixed a deployment error in the examples webapp by changing the
context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)

- Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'
script' in the referenced documentation. (bsc#1002639)

- Fixed regression caused by CVE-2016-6816.

This update supplies the new packages apache-commons-pool2 and
apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0
interface.

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Affected Software/OS:
tomcat on openSUSE Leap 42.1

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2016-0762
BugTraq ID: 93939
http://www.securityfocus.com/bid/93939
https://security.netapp.com/advisory/ntap-20180605-0001/
Debian Security Information: DSA-3720
http://www.debian.org/security/2016/dsa-3720
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0455
RedHat Security Advisories: RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:0456
RedHat Security Advisories: RHSA-2017:0457
http://rhn.redhat.com/errata/RHSA-2017-0457.html
RedHat Security Advisories: RHSA-2017:2247
https://access.redhat.com/errata/RHSA-2017:2247
http://www.securitytracker.com/id/1037144
https://usn.ubuntu.com/4557-1/
Common Vulnerability Exposure (CVE) ID: CVE-2016-5018
BugTraq ID: 93942
http://www.securityfocus.com/bid/93942
http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html
https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e@%3Cannounce.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2017:1548
https://access.redhat.com/errata/RHSA-2017:1548
RedHat Security Advisories: RHSA-2017:1549
https://access.redhat.com/errata/RHSA-2017:1549
RedHat Security Advisories: RHSA-2017:1550
https://access.redhat.com/errata/RHSA-2017:1550
RedHat Security Advisories: RHSA-2017:1551
http://rhn.redhat.com/errata/RHSA-2017-1551.html
RedHat Security Advisories: RHSA-2017:1552
https://access.redhat.com/errata/RHSA-2017:1552
http://www.securitytracker.com/id/1037142
http://www.securitytracker.com/id/1038757
Common Vulnerability Exposure (CVE) ID: CVE-2016-6794
BugTraq ID: 93943
http://www.securityfocus.com/bid/93943
https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
http://www.securitytracker.com/id/1037143
Common Vulnerability Exposure (CVE) ID: CVE-2016-6796
BugTraq ID: 93944
http://www.securityfocus.com/bid/93944
https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45@%3Cannounce.tomcat.apache.org%3E
http://www.securitytracker.com/id/1037141
Common Vulnerability Exposure (CVE) ID: CVE-2016-6797
BugTraq ID: 93940
http://www.securityfocus.com/bid/93940
https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E
http://www.securitytracker.com/id/1037145
Common Vulnerability Exposure (CVE) ID: CVE-2016-6816
BugTraq ID: 94461
http://www.securityfocus.com/bid/94461
Debian Security Information: DSA-3738
http://www.debian.org/security/2016/dsa-3738
https://www.exploit-db.com/exploits/41783/
RedHat Security Advisories: RHSA-2017:0244
http://rhn.redhat.com/errata/RHSA-2017-0244.html
RedHat Security Advisories: RHSA-2017:0245
http://rhn.redhat.com/errata/RHSA-2017-0245.html
RedHat Security Advisories: RHSA-2017:0246
http://rhn.redhat.com/errata/RHSA-2017-0246.html
RedHat Security Advisories: RHSA-2017:0247
http://rhn.redhat.com/errata/RHSA-2017-0247.html
RedHat Security Advisories: RHSA-2017:0250
http://rhn.redhat.com/errata/RHSA-2017-0250.html
RedHat Security Advisories: RHSA-2017:0527
http://rhn.redhat.com/errata/RHSA-2017-0527.html
RedHat Security Advisories: RHSA-2017:0935
https://access.redhat.com/errata/RHSA-2017:0935
http://www.securitytracker.com/id/1037332
Common Vulnerability Exposure (CVE) ID: CVE-2016-8735
BugTraq ID: 94463
http://www.securityfocus.com/bid/94463
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securitytracker.com/id/1037331
Copyright: Copyright (C) 2016 Greenbone Networks GmbH
