Amazon Linux AMI : tomcat6 (ALAS-2011-25)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0
through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and
possibly other versions allow remote attackers to spoof AJP requests,
bypass authentication, and obtain sensitive information by causing the
connector to interpret a request body as a new request.

The HTTP Digest Access Authentication implementation in Apache Tomcat
5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not
have the expected countermeasures against replay attacks, which makes
it easier for remote attackers to bypass intended access restrictions
by sniffing the network for valid requests, related to lack of
checking of nonce (aka server nonce) and nc (aka nonce-count or client
nonce count) values.
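
The server-side nonce and nc checks whose absence the paragraph above describes, as an added Python example (not Tomcat's code and not part of the plugin). The class and method names are hypothetical, and it assumes the caller has already verified the Digest `response` hash before calling `check`.

```python
import hashlib
import hmac
import os
import re
import time


class DigestReplayGuard:
    """Hypothetical helper: validates server nonces and nonce counts (nc)."""

    def __init__(self, secret=None, max_age=300):
        self.secret = secret or os.urandom(32)
        self.max_age = max_age   # seconds a server nonce stays valid
        self.last_nc = {}        # nonce -> highest nc accepted so far

    def _mac(self, ts):
        return hmac.new(self.secret, ts.encode(), hashlib.sha256).hexdigest()

    def issue_nonce(self, now=None):
        # The nonce carries its issue time plus a MAC, so the server can
        # recognise its own nonces without storing each one it hands out.
        ts = str(int(time.time() if now is None else now))
        return f"{ts}:{self._mac(ts)}"

    def check(self, nonce, nc_hex, now=None):
        """Return 'ok', 'forged', 'stale', 'malformed' or 'replay'."""
        now = time.time() if now is None else now
        ts, _, mac = nonce.partition(":")
        expected = self._mac(ts).encode()
        if not ts.isdigit() or not hmac.compare_digest(mac.encode(), expected):
            return "forged"      # nonce was not issued by this server
        if now - int(ts) > self.max_age:
            self.last_nc.pop(nonce, None)
            return "stale"       # client must authenticate again with a new nonce
        if not re.fullmatch(r"[0-9a-fA-F]{8}", nc_hex):
            return "malformed"   # nc is exactly eight hex digits
        nc = int(nc_hex, 16)
        if nc <= self.last_nc.get(nonce, 0):
            return "replay"      # nc must strictly increase for a given nonce
        self.last_nc[nonce] = nc
        return "ok"
```

A captured request resent with the same nonce and nc returns `replay`, and any request that reuses a nonce past `max_age` returns `stale`.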

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before
7.0.17, when the MemoryUserDatabase is used, creates log entries
containing passwords upon encountering errors in JMX user creation,
which allows local users to obtain sensitive information by reading a
log file.

See also :

http://www.nessus.org/u?25c9cbd7

Solution :

Run 'yum update tomcat6' to update your system.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69584

Bugtraq ID:

CVE ID: CVE-2011-1184
CVE-2011-2204
CVE-2011-3190