Test Kennung:	1.3.6.1.4.1.25623.1.0.882434
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for tomcat6 CESA-2016:0492 centos6
Zusammenfassung:	Check the version of tomcat6
Beschreibung:	Summary: Check the version of tomcat6 Vulnerability Insight: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810) This update also fixes the following bug: * Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs. (BZ#1301646) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. Affected Software/OS: tomcat6 on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7810 BugTraq ID: 74665 http://www.securityfocus.com/bid/74665 Debian Security Information: DSA-3428 (Google Search) http://www.debian.org/security/2015/dsa-3428 Debian Security Information: DSA-3447 (Google Search) http://www.debian.org/security/2016/dsa-3447 Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 HPdes Security Advisory: HPSBUX03561 http://marc.info/?l=bugtraq&m=145974991225029&w=2 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2015:1621 http://rhn.redhat.com/errata/RHSA-2015-1621.html RedHat Security Advisories: RHSA-2015:1622 http://rhn.redhat.com/errata/RHSA-2015-1622.html RedHat Security Advisories: RHSA-2016:0492 http://rhn.redhat.com/errata/RHSA-2016-0492.html RedHat Security Advisories: RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.securitytracker.com/id/1032330 http://www.ubuntu.com/usn/USN-2654-1 http://www.ubuntu.com/usn/USN-2655-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.