Test ID:	1.3.6.1.4.1.25623.1.0.703552
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3552-1)
Summary:	The remote host is missing an update for the Debian 'tomcat7' package(s) announced via the DSA-3552-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'tomcat7' package(s) announced via the DSA-3552-1 advisory. Vulnerability Insight: Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager. For the oldstable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u4. This update also fixes CVE-2014-0119 and CVE-2014-0096. For the stable distribution (jessie), these problems have been fixed in version 7.0.56-3+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 7.0.68-1. For the unstable distribution (sid), these problems have been fixed in version 7.0.68-1. We recommend that you upgrade your tomcat7 packages. Affected Software/OS: 'tomcat7' package(s) on Debian 7, Debian 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5174 BugTraq ID: 83329 http://www.securityfocus.com/bid/83329 Bugtraq: 20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal (Google Search) http://seclists.org/bugtraq/2016/Feb/149 Debian Security Information: DSA-3530 (Google Search) http://www.debian.org/security/2016/dsa-3530 Debian Security Information: DSA-3552 (Google Search) http://www.debian.org/security/2016/dsa-3552 Debian Security Information: DSA-3609 (Google Search) http://www.debian.org/security/2016/dsa-3609 https://security.gentoo.org/glsa/201705-09 HPdes Security Advisory: HPSBUX03561 http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2016:1432 https://access.redhat.com/errata/RHSA-2016:1432 RedHat Security Advisories: RHSA-2016:1433 https://access.redhat.com/errata/RHSA-2016:1433 RedHat Security Advisories: RHSA-2016:1434 https://access.redhat.com/errata/RHSA-2016:1434 RedHat Security Advisories: RHSA-2016:1435 http://rhn.redhat.com/errata/RHSA-2016-1435.html RedHat Security Advisories: RHSA-2016:2045 http://rhn.redhat.com/errata/RHSA-2016-2045.html RedHat Security Advisories: RHSA-2016:2599 http://rhn.redhat.com/errata/RHSA-2016-2599.html http://www.securitytracker.com/id/1035070 SuSE Security Announcement: SUSE-SU-2016:0769 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html SuSE Security Announcement: SUSE-SU-2016:0822 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html SuSE Security Announcement: SUSE-SU-2016:0839 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html SuSE Security Announcement: openSUSE-SU-2016:0865 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://www.ubuntu.com/usn/USN-3024-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5345 BugTraq ID: 83328 http://www.securityfocus.com/bid/83328 Bugtraq: 20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure (Google Search) http://seclists.org/bugtraq/2016/Feb/146 http://seclists.org/fulldisclosure/2016/Feb/122 http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html RedHat Security Advisories: RHSA-2016:1087 https://access.redhat.com/errata/RHSA-2016:1087 RedHat Security Advisories: RHSA-2016:1088 https://access.redhat.com/errata/RHSA-2016:1088 RedHat Security Advisories: RHSA-2016:1089 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://www.securitytracker.com/id/1035071 Common Vulnerability Exposure (CVE) ID: CVE-2015-5346 BugTraq ID: 83323 http://www.securityfocus.com/bid/83323 Bugtraq: 20160222 [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation (Google Search) http://seclists.org/bugtraq/2016/Feb/143 http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html RedHat Security Advisories: RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html RedHat Security Advisories: RHSA-2016:2807 http://rhn.redhat.com/errata/RHSA-2016-2807.html RedHat Security Advisories: RHSA-2016:2808 http://rhn.redhat.com/errata/RHSA-2016-2808.html http://www.securitytracker.com/id/1035069 Common Vulnerability Exposure (CVE) ID: CVE-2015-5351 BugTraq ID: 83330 http://www.securityfocus.com/bid/83330 Bugtraq: 20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak (Google Search) http://seclists.org/bugtraq/2016/Feb/148 http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html Common Vulnerability Exposure (CVE) ID: CVE-2016-0706 BugTraq ID: 83324 http://www.securityfocus.com/bid/83324 Bugtraq: 20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass (Google Search) http://seclists.org/bugtraq/2016/Feb/144 Common Vulnerability Exposure (CVE) ID: CVE-2016-0714 BugTraq ID: 83327 http://www.securityfocus.com/bid/83327 Bugtraq: 20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass (Google Search) http://seclists.org/bugtraq/2016/Feb/145 http://www.securitytracker.com/id/1037640 Common Vulnerability Exposure (CVE) ID: CVE-2016-0763 BugTraq ID: 83326 http://www.securityfocus.com/bid/83326 Bugtraq: 20160222 [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass (Google Search) http://seclists.org/bugtraq/2016/Feb/147 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.