This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30
does not properly handle chunk extensions in chunked
transfer coding, which allows remote attackers to cause
a denial of service by streaming data. (CVE-2012-3544)
.java in the form authentication feature in Apache
Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does
not properly handle the relationships between
authentication requirements and sessions, which allows
remote attackers to inject a request into a session by
sending this request during completion of the login
form, a variant of a session fixation attack.
See also :
Upgrade to Solaris 220.127.116.11.0.
Risk factor :
Medium / CVSS Base Score : 6.8
Public Exploit Available : true