SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

medium Nessus Plugin ID 64430

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update of tomcat6 fixes the following security issues :

- denial of service. (CVE-2012-4534)

- tomcat: HTTP NIO connector OOM DoS via a request with large headers. (CVE-2012-2733)

- tomcat: cnonce tracking weakness. (CVE-2012-5885)

- tomcat: authentication caching weakness. (CVE-2012-5886)

- tomcat: stale nonce weakness. (CVE-2012-5887)

- tomcat: affected by slowloris DoS. (CVE-2012-5568)

- tomcat: Bypass of security constraints. (CVE-2012-3546)

- tomcat: bypass of CSRF prevention filter.
(CVE-2012-4431)

Solution

Apply SAT patch number 7208.

Plugin Details

Severity: Medium

ID: 64430

File Name: suse_11_tomcat6-130107.nasl

Version: 1.10

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2/4/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api, p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp, p-cpe:/a:novell:suse_linux:11:tomcat6, p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc, p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api, p-cpe:/a:novell:suse_linux:11:tomcat6-lib, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps, p-cpe:/a:novell:suse_linux:11:tomcat6-webapps

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/7/2013

Reference Information

CVE: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5568, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887

Detections

Analytics