Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2020.14375.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2020:14375-1)
Resumen:The remote host is missing an update for the 'tomcat6' package(s) announced via the SUSE-SU-2020:14375-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'tomcat6' package(s) announced via the SUSE-SU-2020:14375-1 advisory.

Vulnerability Insight:
This update for tomcat6 fixes the following issues:

CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence

If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control.

CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack

When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS.

Affected Software/OS:
'tomcat6' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-0221
BugTraq ID: 108545
http://www.securityfocus.com/bid/108545
Bugtraq: 20191229 [SECURITY] [DSA 4596-1] tomcat8 security update (Google Search)
https://seclists.org/bugtraq/2019/Dec/43
https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E
https://security.netapp.com/advisory/ntap-20190606-0001/
https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS
Debian Security Information: DSA-4596 (Google Search)
https://www.debian.org/security/2019/dsa-4596
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/
http://seclists.org/fulldisclosure/2019/May/50
https://security.gentoo.org/glsa/202003-43
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3929
RedHat Security Advisories: RHSA-2019:3931
https://access.redhat.com/errata/RHSA-2019:3931
SuSE Security Announcement: openSUSE-SU-2019:1673 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html
SuSE Security Announcement: openSUSE-SU-2019:1808 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html
https://usn.ubuntu.com/4128-1/
https://usn.ubuntu.com/4128-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-9484
https://kc.mcafee.com/corporate/index?page=content&id=SB10332
https://security.netapp.com/advisory/ntap-20200528-0005/
Debian Security Information: DSA-4727 (Google Search)
https://www.debian.org/security/2020/dsa-4727
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
http://seclists.org/fulldisclosure/2020/Jun/6
https://security.gentoo.org/glsa/202006-21
http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html
http://www.openwall.com/lists/oss-security/2021/03/01/2
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E
SuSE Security Announcement: openSUSE-SU-2020:0711 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html
https://usn.ubuntu.com/4448-1/
https://usn.ubuntu.com/4596-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.