Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_tomcat)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote Solaris system is missing a security patch for third-party

Description :

The remote Solaris system is missing patches that address the
following security issues :

- Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30
does not properly handle chunk extensions in chunked
transfer coding, which allows remote attackers to cause
a denial of service by streaming data. (CVE-2012-3544)

- java/org/apache/catalina/authenticator/FormAuthenticator.java
in the form authentication feature in Apache
Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does
not properly handle the relationships between
authentication requirements and sessions, which allows
remote attackers to inject a request into a session by
sending this request during completion of the login
form, a variant of a session fixation attack.

See also :

Solution :

Upgrade to Solaris

Risk factor :

Medium / CVSS Base Score : 6.8
Public Exploit Available : true

Family: Solaris Local Security Checks

Nessus Plugin ID: 80792

Bugtraq ID:

CVE ID: CVE-2012-3544
