Executive Summary
Summary | |
---|---|
Title | tomcat5 security update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:1845 | First vendor Publication | 2011-12-20 |
Vendor | RedHat | Last vendor Modification | 2011-12-20 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184) A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 741401 - CVE-2011-1184 tomcat: Multiple weaknesses in HTTP DIGEST authentication |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-1845.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-310 | Cryptographic Issues |
17 % | CWE-287 | Improper Authentication |
17 % | CWE-200 | Information Exposure |
17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13969 | |||
Oval ID: | oval:org.mitre.oval:def:13969 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14931 | |||
Oval ID: | oval:org.mitre.oval:def:14931 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2204 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14945 | |||
Oval ID: | oval:org.mitre.oval:def:14945 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19169 | |||
Oval ID: | oval:org.mitre.oval:def:19169 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1184 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19269 | |||
Oval ID: | oval:org.mitre.oval:def:19269 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19379 | |||
Oval ID: | oval:org.mitre.oval:def:19379 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19532 | |||
Oval ID: | oval:org.mitre.oval:def:19532 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2204 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23257 | |||
Oval ID: | oval:org.mitre.oval:def:23257 | ||
Title: | ELSA-2011:1780: tomcat6 security and bug fix update (Moderate) | ||
Description: | DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1780-01 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 | Version: | 33 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23523 | |||
Oval ID: | oval:org.mitre.oval:def:23523 | ||
Title: | ELSA-2011:0791: tomcat6 security and bug fix update (Moderate) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0791-01 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28146 | |||
Oval ID: | oval:org.mitre.oval:def:28146 | ||
Title: | DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate) | ||
Description: | [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0791 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-14 | Name : Fedora Update for tomcat6 FEDORA-2012-7593 File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-08-02 | Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6) File : nvt/gb_suse_2012_0208_1.nasl |
2012-07-30 | Name : CentOS Update for tomcat6 CESA-2011:1780 centos6 File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2011:1780-01 File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0791-01 File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl |
2012-04-02 | Name : Fedora Update for tomcat6 FEDORA-2011-13426 File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2401-1 (tomcat6) File : nvt/deb_2401_1.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2012-01-16 | Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win) File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl |
2011-12-23 | Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl |
2011-12-23 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl |
2011-11-11 | Name : Fedora Update for tomcat6 FEDORA-2011-15005 File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl |
2011-11-11 | Name : Ubuntu Update for tomcat6 USN-1252-1 File : nvt/gb_ubuntu_USN_1252_1.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13456 File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl |
2011-10-21 | Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_156.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-09-08 | Name : Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability File : nvt/gb_tomcat_48456.nasl |
2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
2011-04-01 | Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1 File : nvt/gb_ubuntu_USN_1097_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2160-1 (tomcat6) File : nvt/deb_2160_1.nasl |
2011-03-05 | Name : FreeBSD Ports: tomcat55 File : nvt/freebsd_tomcat55.nasl |
2011-02-22 | Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_030.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76189 | Apache Tomcat HTTP DIGEST Authentication Weakness |
73429 | Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure |
71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi... Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files. |
71557 | Apache Tomcat HTML Manager Multiple XSS The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-7593.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2012-02-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-120206.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7689.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15005.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-09-26 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO |
2011-09-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7688.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_33.nasl - Type : ACT_GATHER_INFO |
2011-08-03 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_19.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2011-04-07 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_12.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO |
2011-03-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12687.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a security bypass vulnerability. File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:27 |
|