ID de Prueba:	1.3.6.1.4.1.25623.1.0.803781
Categoría:	Web Servers
Título:	Apache Tomcat SecurityManager Security Bypass Vulnerability
Resumen:	Apache Tomcat is prone to a security bypass vulnerability.
Descripción:	Summary: Apache Tomcat is prone to a security bypass vulnerability. Vulnerability Insight: The flaw is due to the ServletContect attribute being improperly restricted to read-only setting. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass certain authentication and obtain sensitive information. Affected Software/OS: Apache Tomcat version 5.5.x before 5.5.30 Apache Tomcat version 6.0.x before 6.0.30 Apache Tomcat version 7.0.x before 7.0.4 Solution: Upgrade Apache Tomcat version to 5.5.30, 6.0.30, 7.0.4 or later. CVSS Score: 1.2 CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3718 1025025 http://www.securitytracker.com/id?1025025 20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions http://www.securityfocus.com/archive/1/516211/100/0/threaded 43192 http://secunia.com/advisories/43192 45022 http://secunia.com/advisories/45022 46177 http://www.securityfocus.com/bid/46177 57126 http://secunia.com/advisories/57126 8072 http://securityreason.com/securityalert/8072 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html DSA-2160 http://www.debian.org/security/2011/dsa-2160 HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPSBUX02645 http://marc.info/?l=bugtraq&m=130168502603566&w=2 HPSBUX02725 http://marc.info/?l=bugtraq&m=132215163318824&w=2 HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 MDVSA-2011:030 http://www.mandriva.com/security/advisories?name=MDVSA-2011:030 RHSA-2011:0791 http://www.redhat.com/support/errata/RHSA-2011-0791.html RHSA-2011:0896 http://www.redhat.com/support/errata/RHSA-2011-0896.html RHSA-2011:0897 http://www.redhat.com/support/errata/RHSA-2011-0897.html RHSA-2011:1845 http://www.redhat.com/support/errata/RHSA-2011-1845.html SSRT100627 SSRT101146 SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT5002 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html oval:org.mitre.oval:def:12517 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517 oval:org.mitre.oval:def:13969 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969 oval:org.mitre.oval:def:19379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379 tomcat-servletcontect-sec-bypass(65159) https://exchange.xforce.ibmcloud.com/vulnerabilities/65159
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.