
Test ID: 1.3.6.1.4.1.25623.1.0.53425
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 169-1 (tomcat4)
Summary: NOSUMMARY
Description:
The remote host is missing an update to tomcat4
announced via advisory DSA 169-1.

A security vulnerability has been found in all Tomcat 4.x releases.
This problem allows an attacker to use a specially crafted URL to
return the unprocessed source code of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraints, without the need for being properly
authenticated.

This problem has been fixed in version 4.0.3-3woody1 for the current
stable distribution (woody) and in version 4.1.12-1 for the unstable
release (sid). The old stable release (potato) does not contain
tomcat packages. Also, packages for tomcat3 are not vulnerable to
this problem.

We recommend that you upgrade your tomcat package immediately.


Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20169-1

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-1195
BugTraq ID: 5699
http://www.securityfocus.com/bid/5699
Bugtraq: 20020912 ht://Check XSS
http://marc.info/?l=bugtraq&m=103184269605160&w=2
Debian Security Information: DSA-169
http://www.debian.org/security/2002/dsa-169
http://www.iss.net/security_center/static/10089.php

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.