Test ID: 1.3.6.1.4.1.25623.1.0.59988
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:241 (tomcat5)
Summary: NOSUMMARY
Description:

The remote host is missing an update to tomcat5
announced via advisory MDKSA-2007:241.

A number of vulnerabilities were found in Tomcat:

A directory traversal vulnerability, when using certain proxy modules,
allows a remote attacker to read arbitrary files via a .. (dot dot)
sequence with various slash, backslash, or url-encoded backslash
characters (CVE-2007-0450, affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files
allow remote attackers to inject arbitrary web script or HTML
(CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host
Manager web applications allow remote authenticated users to inject
arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could
cause sensitive information such as session IDs to be leaked and allow
remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the \" character sequence in a cookie
value, which could cause sensitive information such as session IDs
to be leaked and allow remote attackers to conduct session hijacking
attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet
allowed remote attackers to inject arbitrary HTML and web script via
crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain
configurations, allows remote authenticated users to read arbitrary
files via a WebDAV write request that specifies an entity with a
SYSTEM tag (CVE-2007-5461).

The updated packages have been patched to correct these issues.

Affected: 2007.1, 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:241

Risk factor: Medium

CVSS Score: 5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-0450
20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal
http://www.securityfocus.com/archive/1/462791/100/0/threaded
20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
http://www.securityfocus.com/archive/1/485938/100/0/threaded
20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/500396/100/0/threaded
20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
22960
http://www.securityfocus.com/bid/22960
239312
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
2446
http://securityreason.com/securityalert/2446
24732
http://secunia.com/advisories/24732
25106
http://secunia.com/advisories/25106
25159
http://www.securityfocus.com/bid/25159
25280
http://secunia.com/advisories/25280
26235
http://secunia.com/advisories/26235
26660
http://secunia.com/advisories/26660
27037
http://secunia.com/advisories/27037
28365
http://secunia.com/advisories/28365
30899
http://secunia.com/advisories/30899
30908
http://secunia.com/advisories/30908
33668
http://secunia.com/advisories/33668
ADV-2007-0975
http://www.vupen.com/english/advisories/2007/0975
ADV-2007-2732
http://www.vupen.com/english/advisories/2007/2732
ADV-2007-3087
http://www.vupen.com/english/advisories/2007/3087
ADV-2007-3386
http://www.vupen.com/english/advisories/2007/3386
ADV-2008-0065
http://www.vupen.com/english/advisories/2008/0065
ADV-2008-1979
http://www.vupen.com/english/advisories/2008/1979/references
ADV-2009-0233
http://www.vupen.com/english/advisories/2009/0233
APPLE-SA-2007-07-31
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
GLSA-200705-03
http://security.gentoo.org/glsa/glsa-200705-03.xml
HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
MDKSA-2007:241
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
RHSA-2007:0327
http://www.redhat.com/support/errata/RHSA-2007-0327.html
RHSA-2007:0360
http://www.redhat.com/support/errata/RHSA-2007-0360.html
RHSA-2008:0261
http://www.redhat.com/support/errata/RHSA-2008-0261.html
SSRT071447
SUSE-SR:2007:005
http://www.novell.com/linux/security/advisories/2007_5_sr.html
SUSE-SR:2007:015
http://www.novell.com/linux/security/advisories/2007_15_sr.html
[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://docs.info.apple.com/article.html?artnum=306172
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html
http://www.sec-consult.com/287.html
http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt
oval:org.mitre.oval:def:10643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643
tomcat-proxy-directory-traversal(32988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
Common Vulnerability Exposure (CVE) ID: CVE-2007-2449
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
BugTraq ID: 24476
http://www.securityfocus.com/bid/24476
Bugtraq: 20070614 [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples (Google Search)
http://www.securityfocus.com/archive/1/471351/100/0/threaded
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
HPdes Security Advisory: HPSBUX02262
HPdes Security Advisory: SSRT071447
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/36080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10578
http://www.redhat.com/support/errata/RHSA-2007-0569.html
RedHat Security Advisories: RHSA-2008:0630
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://www.securitytracker.com/id?1018245
http://secunia.com/advisories/26076
http://secunia.com/advisories/27727
http://secunia.com/advisories/29392
http://secunia.com/advisories/30802
http://secunia.com/advisories/31493
http://securityreason.com/securityalert/2804
SuSE Security Announcement: SUSE-SR:2008:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2007/2213
http://www.vupen.com/english/advisories/2008/1981/references
XForce ISS Database: tomcat-example-xss(34869)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34869
Common Vulnerability Exposure (CVE) ID: CVE-2007-2450
BugTraq ID: 24475
http://www.securityfocus.com/bid/24475
Bugtraq: 20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager (Google Search)
http://www.securityfocus.com/archive/1/471357/100/0/threaded
Debian Security Information: DSA-1468 (Google Search)
http://www.debian.org/security/2008/dsa-1468
http://jvn.jp/jp/JVN%2307100457/index.html
http://www.osvdb.org/36079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287
http://secunia.com/advisories/25678
http://secunia.com/advisories/28549
http://securityreason.com/securityalert/2813
XForce ISS Database: tomcat-hostmanager-xss(34868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34868
Common Vulnerability Exposure (CVE) ID: CVE-2007-3382
AIX APAR: IZ55562
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562
BugTraq ID: 25316
http://www.securityfocus.com/bid/25316
Bugtraq: 20070814 CVE-2007-3382: Handling of cookies containing a ' character (Google Search)
http://www.securityfocus.com/archive/1/476442/100/0/threaded
Bugtraq: 20070814 Re: CVE-2007-3382: Handling of cookies containing a ' character (Google Search)
http://www.securityfocus.com/archive/1/476466/100/0/threaded
CERT/CC vulnerability note: VU#993544
http://www.kb.cert.org/vuls/id/993544
Debian Security Information: DSA-1447 (Google Search)
http://www.debian.org/security/2008/dsa-1447
Debian Security Information: DSA-1453 (Google Search)
http://www.debian.org/security/2008/dsa-1453
HPdes Security Advisory: HPSBTU02276
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554
HPdes Security Advisory: SSRT071472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269
http://www.redhat.com/support/errata/RHSA-2007-0871.html
http://www.redhat.com/support/errata/RHSA-2007-0950.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://securitytracker.com/id?1018556
http://secunia.com/advisories/26466
http://secunia.com/advisories/26898
http://secunia.com/advisories/27267
http://secunia.com/advisories/28317
http://secunia.com/advisories/28361
http://secunia.com/advisories/29242
http://secunia.com/advisories/36486
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2007/2902
http://www.vupen.com/english/advisories/2007/3527
XForce ISS Database: tomcat-quotecookie-information-disclosure(36006)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
Common Vulnerability Exposure (CVE) ID: CVE-2007-3385
Bugtraq: 20070814 CVE-2007-3385: Handling of \" in cookies (Google Search)
http://www.securityfocus.com/archive/1/476444/100/0/threaded
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9549
http://securitytracker.com/id?1018557
http://secunia.com/advisories/44183
http://securityreason.com/securityalert/3011
XForce ISS Database: tomcat-slashcookie-information-disclosure(35999)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35999
Common Vulnerability Exposure (CVE) ID: CVE-2007-3386
BugTraq ID: 25314
http://www.securityfocus.com/bid/25314
Bugtraq: 20070814 CVE-2007-3386: XSS in Host Manager (Google Search)
http://www.securityfocus.com/archive/1/476448/100/0/threaded
http://jvn.jp/jp/JVN%2359851336/index.html
http://osvdb.org/36417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077
http://securitytracker.com/id?1018558
http://secunia.com/advisories/26465
http://securityreason.com/securityalert/3010
http://www.vupen.com/english/advisories/2007/2880
XForce ISS Database: tomcat-hostmanager-alias-xss(36001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36001
Common Vulnerability Exposure (CVE) ID: CVE-2007-5461
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 26070
http://www.securityfocus.com/bid/26070
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.exploit-db.com/exploits/4530
http://marc.info/?l=full-disclosure&m=119239530508382
http://security.gentoo.org/glsa/glsa-200804-10.xml
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://issues.apache.org/jira/browse/GERONIMO-3549
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.securitytracker.com/id?1018864
http://secunia.com/advisories/27398
http://secunia.com/advisories/27446
http://secunia.com/advisories/27481
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/30676
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://www.vupen.com/english/advisories/2007/3622
http://www.vupen.com/english/advisories/2007/3671
http://www.vupen.com/english/advisories/2007/3674
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: apache-tomcat-webdav-dir-traversal(37243)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.