oval:org.mitre.oval:def:13787

Definition Id: oval:org.mitre.oval:def:13787

Oval ID:	oval:org.mitre.oval:def:13787
Title:	USN-788-1 -- tomcat6 vulnerabilities
Description:	Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files
Family:	unix	Class:	patch
Reference(s):	USN-788-1 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 9.04	Product(s):	tomcat6
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Installed architecture is all AND Packages section libservlet2.5-java DPKG is earlier than 6.0.18-0ubuntu3.2 AND libtomcat6-java DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-docs DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6 DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-admin DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-common DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-user DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-examples DPKG is earlier than 6.0.18-0ubuntu3.2 OR Release section Ubuntu 9.04 is installed AND Installed architecture is all AND Packages section libservlet2.5-java DPKG is earlier than 6.0.18-0ubuntu6.1 AND libtomcat6-java DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-docs DPKG is earlier than 6.0.18-0ubuntu6.1 AND libservlet2.5-java-doc DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6 DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-admin DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-common DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-user DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-examples DPKG is earlier than 6.0.18-0ubuntu6.1

Definition Id: oval:org.mitre.oval:def:13306

Oval ID:	oval:org.mitre.oval:def:13306
Title:	Ubuntu 8.10 is installed
Description:	Ubuntu 8.10 is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:ubuntu:ubuntu_linux:8.10	Version:	3
Platform(s):	Ubuntu 8.10	Product(s):
Definition Synopsis:
Ubuntu 8.10 is installed
Referenced By:
oval:org.mitre.oval:def:13787

Definition Id: oval:org.mitre.oval:def:12669

Oval ID:	oval:org.mitre.oval:def:12669
Title:	Ubuntu 9.04 is installed
Description:	Ubuntu 9.04 is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:canonical:ubuntu_linux:9.04	Version:	5
Platform(s):	Ubuntu 9.04	Product(s):
Definition Synopsis:
Ubuntu 9.04 is installed
Referenced By:
oval:org.mitre.oval:def:13787

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0250s

Facebook rss twitter linkedin mail