Detections
Analytics
openSUSE Security Update : tomcat6 (tomcat6-2000)
medium Nessus Plugin ID 45462
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update of tomcat5/6 fixes :- CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:
CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.
- CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
- CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks.
Solution
Update the affected tomcat6 packages.See Also
Plugin Details
Severity: Medium
ID: 45462
File Name: suse_11_1_tomcat6-100211.nasl
Version: 1.9
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 4/9/2010
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.5
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:tomcat6, p-cpe:/a:novell:opensuse:tomcat6-admin-webapps, p-cpe:/a:novell:opensuse:tomcat6-docs-webapp, p-cpe:/a:novell:opensuse:tomcat6-javadoc, p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api, p-cpe:/a:novell:opensuse:tomcat6-lib, p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api, p-cpe:/a:novell:opensuse:tomcat6-webapps, cpe:/o:novell:opensuse:11.1
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 2/11/2010
Reference Information
CVE: CVE-2008-5515, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902