openSUSE Security Update : tomcat6 (tomcat6-2000)
Medium Nessus Plugin ID 45456
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of tomcat5/6 fixes :
- CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:
CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.
- CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
- CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks.
SolutionUpdate the affected tomcat6 packages.