This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A number of vulnerabilities have been discovered in the Apache Tomcat
The default catalina.policy in the JULI logging component did not
restrict certain permissions for web applications which could allow a
remote attacker to modify logging configuration options and overwrite
arbitrary files (CVE-2007-5342).
A cross-site scripting vulnerability was found in the
HttpServletResponse.sendError() method which could allow a remote
attacker to inject arbitrary web script or HTML via forged HTTP
A cross-site scripting vulnerability was found in the host manager
application that could allow a remote attacker to inject arbitrary web
script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when using a RequestDispatcher in
combination with a servlet or JSP that could allow a remote attacker
to utilize a specially crafted request parameter to access protected
web resources (CVE-2008-2370).
A traversal vulnerability was found when the 'allowLinking' and
'URIencoding' settings were actived which could allow a remote
attacker to use a UTF-8-encoded request to extend their privileges and
obtain local files accessible to the Tomcat process (CVE-2008-2938).
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.4
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 36926 (mandriva_MDVSA-2008-188.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now