SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update of tomcat6 fixes the following security issues :

- denial of service. (CVE-2012-4534)

- tomcat: HTTP NIO connector OOM DoS via a request with large headers. (CVE-2012-2733)

- tomcat: cnonce tracking weakness. (CVE-2012-5885)

- tomcat: authentication caching weakness. (CVE-2012-5886)

- tomcat: stale nonce weakness. (CVE-2012-5887)

- tomcat: affected by slowloris DoS. (CVE-2012-5568)

- tomcat: Bypass of security constraints. (CVE-2012-3546)

- tomcat: bypass of CSRF prevention filter. (CVE-2012-4431)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=789406
https://bugzilla.novell.com/show_bug.cgi?id=791423
https://bugzilla.novell.com/show_bug.cgi?id=791424
https://bugzilla.novell.com/show_bug.cgi?id=791426
https://bugzilla.novell.com/show_bug.cgi?id=791679
https://bugzilla.novell.com/show_bug.cgi?id=793391
https://bugzilla.novell.com/show_bug.cgi?id=793394
https://bugzilla.novell.com/show_bug.cgi?id=794548
http://support.novell.com/security/cve/CVE-2012-2733.html
http://support.novell.com/security/cve/CVE-2012-3546.html
http://support.novell.com/security/cve/CVE-2012-4431.html
http://support.novell.com/security/cve/CVE-2012-4534.html
http://support.novell.com/security/cve/CVE-2012-5568.html
http://support.novell.com/security/cve/CVE-2012-5885.html
http://support.novell.com/security/cve/CVE-2012-5886.html
http://support.novell.com/security/cve/CVE-2012-5887.html

Solution :

Apply SAT patch number 7208.

Risk factor :

Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 64430

Bugtraq ID:

CVE ID: CVE-2012-2733
CVE-2012-3546
CVE-2012-4431
CVE-2012-4534
CVE-2012-5568
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887
