Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title tomcat5 security update
Informations
Name RHSA-2011:1845 First vendor Publication 2011-12-20
Vendor RedHat Last vendor Modification 2011-12-20
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)

Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)

A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)

Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 741401 - CVE-2011-1184 tomcat: Multiple weaknesses in HTTP DIGEST authentication

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-1845.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-310 Cryptographic Issues
17 % CWE-287 Improper Authentication
17 % CWE-200 Information Exposure
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12517
 
Oval ID: oval:org.mitre.oval:def:12517
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12878
 
Oval ID: oval:org.mitre.oval:def:12878
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13969
 
Oval ID: oval:org.mitre.oval:def:13969
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14931
 
Oval ID: oval:org.mitre.oval:def:14931
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2204
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14945
 
Oval ID: oval:org.mitre.oval:def:14945
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19169
 
Oval ID: oval:org.mitre.oval:def:19169
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1184
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19269
 
Oval ID: oval:org.mitre.oval:def:19269
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19379
 
Oval ID: oval:org.mitre.oval:def:19379
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19532
 
Oval ID: oval:org.mitre.oval:def:19532
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2204
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21956
 
Oval ID: oval:org.mitre.oval:def:21956
Title: RHSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: patch
Reference(s): RHSA-2011:0791-01
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 42
Platform(s): Red Hat Enterprise Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22151
 
Oval ID: oval:org.mitre.oval:def:22151
Title: RHSA-2011:1845: tomcat5 security update (Moderate)
Description: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Family: unix Class: patch
Reference(s): RHSA-2011:1845-01
CESA-2011:1845
CVE-2010-3718
CVE-2011-0013
CVE-2011-1184
CVE-2011-2204
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
Version: 94
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22153
 
Oval ID: oval:org.mitre.oval:def:22153
Title: RHSA-2011:1780: tomcat6 security and bug fix update (Moderate)
Description: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Family: unix Class: patch
Reference(s): RHSA-2011:1780-01
CESA-2011:1780
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
Version: 94
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22858
 
Oval ID: oval:org.mitre.oval:def:22858
Title: ELSA-2011:1845: tomcat5 security update (Moderate)
Description: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Family: unix Class: patch
Reference(s): ELSA-2011:1845-01
CVE-2010-3718
CVE-2011-0013
CVE-2011-1184
CVE-2011-2204
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
Version: 33
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23257
 
Oval ID: oval:org.mitre.oval:def:23257
Title: ELSA-2011:1780: tomcat6 security and bug fix update (Moderate)
Description: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Family: unix Class: patch
Reference(s): ELSA-2011:1780-01
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
Version: 33
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23523
 
Oval ID: oval:org.mitre.oval:def:23523
Title: ELSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: patch
Reference(s): ELSA-2011:0791-01
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 17
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27958
 
Oval ID: oval:org.mitre.oval:def:27958
Title: DEPRECATED: ELSA-2011-1845 -- tomcat5 security update (moderate)
Description: [0:5.5.23-0jpp.22] - Resolves: CVE-2011-0013 rhbz 675931 - Resolves: CVE-2010-3718 rhbz 675931 - Resolves: CVE-2011-1184 rhbz 744983 - Resolves: CVE-2011-2204 rhbz 719181
Family: unix Class: patch
Reference(s): ELSA-2011-1845
CVE-2010-3718
CVE-2011-0013
CVE-2011-1184
CVE-2011-2204
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27972
 
Oval ID: oval:org.mitre.oval:def:27972
Title: DEPRECATED: ELSA-2011-1780 -- tomcat6 security and bug fix update (moderate)
Description: [0:6.0.24-35] - Resolves: cve-2011-3190 - Resolves: cve-2011-2204 - Resolves: cve-2011-2526 - Resolves: cve-2011-1184 - Resolves: rhbz 748807 - tomcat6 broken when LANG=fr
Family: unix Class: patch
Reference(s): ELSA-2011-1780
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
Version: 4
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28146
 
Oval ID: oval:org.mitre.oval:def:28146
Title: DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate)
Description: [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream
Family: unix Class: patch
Reference(s): ELSA-2011-0791
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 4
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 79

OpenVAS Exploits

Date Description
2012-08-14 Name : Fedora Update for tomcat6 FEDORA-2012-7593
File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-08-02 Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)
File : nvt/gb_suse_2012_0208_1.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2011:1780 centos6
File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2011:1780-01
File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0791-01
File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl
2012-04-02 Name : Fedora Update for tomcat6 FEDORA-2011-13426
File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl
2012-02-12 Name : Debian Security Advisory DSA 2401-1 (tomcat6)
File : nvt/deb_2401_1.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-01-16 Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl
2011-12-23 Name : RedHat Update for tomcat5 RHSA-2011:1845-01
File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl
2011-12-23 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl
2011-11-11 Name : Fedora Update for tomcat6 FEDORA-2011-15005
File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl
2011-11-11 Name : Ubuntu Update for tomcat6 USN-1252-1
File : nvt/gb_ubuntu_USN_1252_1.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13456
File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13457
File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl
2011-10-21 Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2011_156.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-08 Name : Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
File : nvt/gb_tomcat_48456.nasl
2011-05-05 Name : HP-UX Update for Apache Web Server HPSBUX02645
File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-04-01 Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1
File : nvt/gb_ubuntu_USN_1097_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2160-1 (tomcat6)
File : nvt/deb_2160_1.nasl
2011-03-05 Name : FreeBSD Ports: tomcat55
File : nvt/freebsd_tomcat55.nasl
2011-02-22 Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2011_030.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76189 Apache Tomcat HTTP DIGEST Authentication Weakness

73429 Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure

71558 Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi...

Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files.
71557 Apache Tomcat HTML Manager Multiple XSS

The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO
2012-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2012-7593.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-120206.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2011-12-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7689.nasl - Type : ACT_GATHER_INFO
2011-12-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15005.nasl - Type : ACT_GATHER_INFO
2011-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-09-26 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO
2011-09-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7688.nasl - Type : ACT_GATHER_INFO
2011-08-30 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_33.nasl - Type : ACT_GATHER_INFO
2011-08-03 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_7_0_19.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_7_0_12.nasl - Type : ACT_GATHER_INFO
2011-03-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO
2011-03-18 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12687.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO
2011-02-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote web server is affected by a cross-site scripting vulnerability.
File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote web server is affected by a security bypass vulnerability.
File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote web server is affected by a cross-site scripting vulnerability.
File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:55:27
  • Multiple Updates