This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update of tomcat5/6 fixes :
- CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:
CVSS v2 Base Score: 4.3 Directory traversal
vulnerability allowed remote attackers to create or
overwrite arbitrary files/dirs with a specially crafted
- CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy
is enabled the autodeployment process deployed appBase
files that remain from a failed undeploy, which might
allow remote attackers to bypass intended authentication
requirements via HTTP requests.
- CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the
RequestDispatcher method, i was possible for remote
attackers to bypass intended access restrictions and
conduct directory traversal attacks.
See also :
Update the affected tomcat6 packages.
Risk factor :
Medium / CVSS Base Score : 5.8