SuSE9 Security Update : Tomcat (YOU Patch Number 12460)
Medium Nessus Plugin ID 41314
The remote SuSE 9 host is missing a security-related patch.
This update of tomcat fixes several vulnerabilities : - RequestDispatcher usage can lead to information leakage. (CVE-2008-5515) - denial of service via AJP connection. (CVE-2009-0033) - some authentication classes allow user enumeration. (CVE-2009-0580) - XSS bug in example application cal2.jsp. (CVE-2009-0781) - replacing XML parser leads to information leakage. (CVE-2009-0783) Additionally, non-security bugs were fixed.