SuSE9 Security Update : Tomcat (YOU Patch Number 12585)
Medium Nessus Plugin ID 45452
The remote SuSE 9 host is missing a security-related patch.
This update of tomcat5/6 fixes:

- CVSS v2 Base Score: 5.8. (CVE-2009-2693)
- CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. (CVE-2009-2902)
- CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. (CVE-2009-2901)
- CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, it was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks. (CVE-2008-5515)