This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
This update of Apache Tomcat 5 fixes the following security issues :
A directory traversal vulnerability allows remote attackers to create
or overwrite arbitrary files and directories with a specially crafted
WAR file (CVE-2009-2693 / CVE-2009-2902). When autoDeploy is enabled,
the automatic deployment process deploys appBase files that remain
from a failed undeploy, which might allow remote attackers to bypass
intended authentication requirements via HTTP requests.
Note that this is a re-release of the security update to correct a
regression. The previous patch caused tomcat to delete files it
spuriously associated with a failed undeploy.
See also :
Apply ZYPP patch number 7003.
Risk factor :
Medium / CVSS Base Score : 5.8