VMSA-2009-0002 : VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing a security-related patch.

Description :

a. Update for VirtualCenter and ESX patch update Apache Tomcat version
to 5.5.27

Update for VirtualCenter and ESX patch update the Tomcat package to
version 5.5.27 which addresses multiple security issues that existed
in the previous version of Apache Tomcat.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-1232, CVE-2008-1947 and
CVE-2008-2370 to these issues.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000072.html

Solution :

Apply the missing patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 42178 ()

Bugtraq ID: 29502
30494
30496

CVE ID: CVE-2008-1232
CVE-2008-1947
CVE-2008-2370