Detections
Analytics
openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)
medium Nessus Plugin ID 31338
Synopsis
The remote openSUSE host is missing a security update.Description
Fixed various issues in tomcat :- CVE-2007-3382: Handling of cookies containing a ' character
- CVE-2007-3385: Handling of \' in cookies
- CVE-2007-5641: tomcat path traversal / information leak
- CVE-2007-1860: directory traversal
- CVE-2007-3386: tomcat XSS
- CVE-2007-5342: insufficient access restrictions
Additionally the dbcp namespace in commons-dbcp.jar was fixed.
Solution
Update the affected apache2-mod_jk packages.Plugin Details
Severity: Medium
ID: 31338
File Name: suse_apache2-mod_jk-4997.nasl
Version: 1.11
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/4/2008
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.0
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:apache2-mod_jk, p-cpe:/a:novell:opensuse:tomcat55, p-cpe:/a:novell:opensuse:tomcat55-admin-webapps, p-cpe:/a:novell:opensuse:tomcat55-common-lib, p-cpe:/a:novell:opensuse:tomcat55-jasper, p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc, p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api, p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc, p-cpe:/a:novell:opensuse:tomcat55-server-lib, p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api, p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc, p-cpe:/a:novell:opensuse:tomcat55-webapps, cpe:/o:novell:opensuse:10.3
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/11/2008
Exploitable With
CANVAS (CANVAS)
Reference Information
CVE: CVE-2007-1860, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5342, CVE-2007-5641