Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.53425 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 169-1 (tomcat4) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to tomcat4 announced via advisory DSA 169-1. A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraints, without the need for being properly authenticated. This problem has been fixed in version 4.0.3-3woody1 for the current stable distribution (woody) and in version 4.1.12-1 for the unstable release (sid). The old stable release (potato) does not contain tomcat packages. Also, packages for tomcat3 are not vulnerable to this problem. We recommend that you upgrade your tomcat package immediately. Solution: https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20169-1 CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-1195 BugTraq ID: 5699 http://www.securityfocus.com/bid/5699 Bugtraq: 20020912 ht://Check XSS (Google Search) http://marc.info/?l=bugtraq&m=103184269605160&w=2 Debian Security Information: DSA-169 (Google Search) http://www.debian.org/security/2002/dsa-169 http://www.iss.net/security_center/static/10089.php |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |