Oracle Solaris Third-Party Patch Update : tomcat (cve_2011_3375_information_disclosure)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Apache Tomcat 6.0.30 through 6.0.33 and 7.x before
7.0.22 does not properly perform certain caching and
recycling operations involving request objects, which
allows remote attackers to obtain unintended read access
to IP address and HTTP header information in
opportunistic circumstances by reading TCP data.
(CVE-2011-3375)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?f34fb067

Solution :

Upgrade to Solaris 11/11 SRU 04.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80789

Bugtraq ID:

CVE ID: CVE-2011-3375
