
Test ID: 1.3.6.1.4.1.25623.1.0.881689
Category: CentOS Local Security Checks
Title: CentOS Update for tomcat6 CESA-2013:0623 centos6
Summary: The remote host is missing an update for the 'tomcat6' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat6'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Tomcat is a servlet container.

It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending /j_security_check to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)

A flaw was found in the way Tomcat handled sendfile operations when using
the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker
could use this flaw to cause a denial of service (infinite loop). The HTTP
blocking IO (BIO) connector, which is not vulnerable to this issue, is used
by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)

Multiple weaknesses were found in the Tomcat DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

Affected Software/OS:
tomcat6 on CentOS 6

Solution:
Please install the updated packages.
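This test belongs to the "CentOS Local Security Checks" category: it decides whether the host is affected by comparing the installed tomcat6 package's version-release against the fixed one from the advisory, using RPM's ordering rules rather than a plain string comparison (so that 6.0.24-45.el6 sorts below 6.0.24-99.el6_4, and 6.0.25 above both). The block below is an added illustration of that comparison logic, not Greenbone's own test code; the fixed version-release it uses is a placeholder, and the sample package strings are constructed, not taken from a real host.

```python
# Added example: the core of a "local security check" for an RPM-based host.
# It compares an installed package's version-release against the fixed
# version-release from the advisory using RPM's segment-wise ordering rules.
# The fixed version-release below is a PLACEHOLDER; the real value must be
# taken from the referenced advisory (CESA-2013:0623 / RHSA-2013:0623).
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")   # rpm splits on non-alphanumerics


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version (or release) strings: -1, 0 or 1.

    Follows rpm's rules for the common cases: numeric segments compare as
    integers, alphabetic segments compare as strings, a numeric segment is
    newer than an alphabetic one, and the string with segments left over is
    newer. The '~' pre-release marker is not handled here.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def parse_package(pkg: str) -> tuple:
    """'tomcat6-6.0.24-45.el6.noarch' -> ('tomcat6', '6.0.24', '45.el6')."""
    for arch in (".noarch", ".x86_64", ".i686", ".i386"):
        if pkg.endswith(arch):
            pkg = pkg[: -len(arch)]
            break
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


FIXED_VERSION = "6.0.24"     # PLACEHOLDER (assumption, not from this page)
FIXED_RELEASE = "99.el6_4"   # PLACEHOLDER (assumption, not from this page)


def is_vulnerable(installed_pkg: str, fixed_version: str = FIXED_VERSION,
                  fixed_release: str = FIXED_RELEASE) -> bool:
    """True when the installed tomcat6 is older than the fixed version-release.

    Epoch is ignored here (tomcat6 on CentOS 6 carries none); a full check
    would compare epoch before version and release.
    """
    name, version, release = parse_package(installed_pkg)
    if name != "tomcat6":
        raise ValueError(f"not a tomcat6 package: {installed_pkg}")
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order < 0


if __name__ == "__main__":
    # Constructed sample of `rpm -q tomcat6` output, not taken from a real host.
    for pkg in ("tomcat6-6.0.24-45.el6.noarch", "tomcat6-6.0.24-99.el6_4.noarch"):
        print(pkg, "->", "vulnerable" if is_vulnerable(pkg) else "fixed")
```

The advisory also notes that Tomcat must be restarted for the update to take effect, which a package-version comparison alone cannot see; a complete check would additionally confirm that the running process was started after the package was installed.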

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross references: Common Vulnerability Exposure (CVE) ID: CVE-2012-3546
BugTraq ID: 56812
http://www.securityfocus.com/bid/56812
Bugtraq: 20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints
http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html
HPdes Security Advisory: HPSBMU02873
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
HPdes Security Advisory: SSRT101182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305
RedHat Security Advisories: RHSA-2013:0004
http://rhn.redhat.com/errata/RHSA-2013-0004.html
RedHat Security Advisories: RHSA-2013:0005
http://rhn.redhat.com/errata/RHSA-2013-0005.html
RedHat Security Advisories: RHSA-2013:0146
http://rhn.redhat.com/errata/RHSA-2013-0146.html
RedHat Security Advisories: RHSA-2013:0147
http://rhn.redhat.com/errata/RHSA-2013-0147.html
RedHat Security Advisories: RHSA-2013:0151
http://rhn.redhat.com/errata/RHSA-2013-0151.html
RedHat Security Advisories: RHSA-2013:0157
http://rhn.redhat.com/errata/RHSA-2013-0157.html
RedHat Security Advisories: RHSA-2013:0158
http://rhn.redhat.com/errata/RHSA-2013-0158.html
RedHat Security Advisories: RHSA-2013:0162
http://rhn.redhat.com/errata/RHSA-2013-0162.html
RedHat Security Advisories: RHSA-2013:0163
http://rhn.redhat.com/errata/RHSA-2013-0163.html
RedHat Security Advisories: RHSA-2013:0164
http://rhn.redhat.com/errata/RHSA-2013-0164.html
RedHat Security Advisories: RHSA-2013:0191
http://rhn.redhat.com/errata/RHSA-2013-0191.html
RedHat Security Advisories: RHSA-2013:0192
http://rhn.redhat.com/errata/RHSA-2013-0192.html
RedHat Security Advisories: RHSA-2013:0193
http://rhn.redhat.com/errata/RHSA-2013-0193.html
RedHat Security Advisories: RHSA-2013:0194
http://rhn.redhat.com/errata/RHSA-2013-0194.html
RedHat Security Advisories: RHSA-2013:0195
http://rhn.redhat.com/errata/RHSA-2013-0195.html
RedHat Security Advisories: RHSA-2013:0196
http://rhn.redhat.com/errata/RHSA-2013-0196.html
RedHat Security Advisories: RHSA-2013:0197
http://rhn.redhat.com/errata/RHSA-2013-0197.html
RedHat Security Advisories: RHSA-2013:0198
http://rhn.redhat.com/errata/RHSA-2013-0198.html
RedHat Security Advisories: RHSA-2013:0221
http://rhn.redhat.com/errata/RHSA-2013-0221.html
RedHat Security Advisories: RHSA-2013:0235
http://rhn.redhat.com/errata/RHSA-2013-0235.html
RedHat Security Advisories: RHSA-2013:0623
http://rhn.redhat.com/errata/RHSA-2013-0623.html
RedHat Security Advisories: RHSA-2013:0640
http://rhn.redhat.com/errata/RHSA-2013-0640.html
RedHat Security Advisories: RHSA-2013:0641
http://rhn.redhat.com/errata/RHSA-2013-0641.html
RedHat Security Advisories: RHSA-2013:0642
http://rhn.redhat.com/errata/RHSA-2013-0642.html
http://www.securitytracker.com/id?1027833
http://secunia.com/advisories/51984
http://secunia.com/advisories/52054
http://secunia.com/advisories/57126
SuSE Security Announcement: openSUSE-SU-2012:1700
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
SuSE Security Announcement: openSUSE-SU-2012:1701
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
SuSE Security Announcement: openSUSE-SU-2013:0147
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://www.ubuntu.com/usn/USN-1685-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-4534
BugTraq ID: 56813
http://www.securityfocus.com/bid/56813
Bugtraq: 20121204 CVE-2012-4534 Apache Tomcat denial of service
http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398
http://www.securitytracker.com/id?1027836
SuSE Security Announcement: openSUSE-SU-2013:0161
http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html
SuSE Security Announcement: openSUSE-SU-2013:0170
http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html
SuSE Security Announcement: openSUSE-SU-2013:0192
http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-5885
BugTraq ID: 56403
http://www.securityfocus.com/bid/56403
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT101146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432
RedHat Security Advisories: RHSA-2013:0629
http://rhn.redhat.com/errata/RHSA-2013-0629.html
RedHat Security Advisories: RHSA-2013:0631
http://rhn.redhat.com/errata/RHSA-2013-0631.html
RedHat Security Advisories: RHSA-2013:0632
http://rhn.redhat.com/errata/RHSA-2013-0632.html
RedHat Security Advisories: RHSA-2013:0633
http://rhn.redhat.com/errata/RHSA-2013-0633.html
RedHat Security Advisories: RHSA-2013:0647
http://rhn.redhat.com/errata/RHSA-2013-0647.html
RedHat Security Advisories: RHSA-2013:0648
http://rhn.redhat.com/errata/RHSA-2013-0648.html
RedHat Security Advisories: RHSA-2013:0726
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://secunia.com/advisories/51371
http://www.ubuntu.com/usn/USN-1637-1
XForce ISS Database: tomcat-replay-security-bypass(80408)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80408
Common Vulnerability Exposure (CVE) ID: CVE-2012-5886
XForce ISS Database: tomcat-http-Digest-security-bypass(80407)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80407
Common Vulnerability Exposure (CVE) ID: CVE-2012-5887
XForce ISS Database: tomcat-digest-security-bypass(79809)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79809
Copyright: Copyright (C) 2013 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.