Test ID: | 1.3.6.1.4.1.25623.1.1.4.2012.0155.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2012:0155-1) |
Summary: | The remote host is missing an update for the 'tomcat6' package(s) announced via the SUSE-SU-2012:0155-1 advisory. |
Description:

Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the SUSE-SU-2012:0155-1 advisory.

Vulnerability Insight: This update fixes a regression in parameter passing (in urldecoding of parameters that contain spaces).

In addition, multiple weaknesses in HTTP DIGESTS have been fixed (CVE-2011-1184):

* CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
* CVE-2011-5063: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
* CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Security Issue references:

* CVE-2011-1184
* CVE-2011-5062
* CVE-2011-5063
* CVE-2011-5064

Affected Software/OS: 'tomcat6' package(s) on SUSE Linux Enterprise Server 11 SP1, SUSE Manager 1.2.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-reference:

Common Vulnerability Exposure (CVE) ID: CVE-2011-1184

Debian Security Information: DSA-2401 http://www.debian.org/security/2012/dsa-2401
HP Security Advisory: HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2
HP Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2
HP Security Advisory: HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2
HP Security Advisory: SSRT100825
HP Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
http://www.redhat.com/support/errata/RHSA-2011-1845.html
RedHat Security Advisories: RHSA-2012:0074 http://rhn.redhat.com/errata/RHSA-2012-0074.html
RedHat Security Advisories: RHSA-2012:0075 http://rhn.redhat.com/errata/RHSA-2012-0075.html
RedHat Security Advisories: RHSA-2012:0076 http://rhn.redhat.com/errata/RHSA-2012-0076.html
RedHat Security Advisories: RHSA-2012:0077 http://rhn.redhat.com/errata/RHSA-2012-0077.html
RedHat Security Advisories: RHSA-2012:0078 http://rhn.redhat.com/errata/RHSA-2012-0078.html
RedHat Security Advisories: RHSA-2012:0325 http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://secunia.com/advisories/57126
SuSE Security Announcement: SUSE-SU-2012:0155 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
SuSE Security Announcement: openSUSE-SU-2012:0208 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-5062
Common Vulnerability Exposure (CVE) ID: CVE-2011-5063
Common Vulnerability Exposure (CVE) ID: CVE-2011-5064
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |