GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-201206-24
(Apache Tomcat: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Apache Tomcat. Please
review the CVE identifiers referenced below for details.

Impact :

The vulnerabilities allow an attacker to cause a Denial of Service, to
hijack a session, to bypass authentication, to inject webscript, to
enumerate valid usernames, to read, modify and overwrite arbitrary files,
to bypass intended access restrictions, to delete work-directory files,
to discover the server's hostname or IP, to bypass read permissions for
files or HTTP headers, to read or write files outside of the intended
working directory, and to obtain sensitive information by reading a log

Workaround :

There is no known workaround at this time.

See also :

Solution :

All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
