SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 8397)
Medium Nessus Plugin ID 64431
Synopsis
The remote SuSE 10 host is missing a security-related patch.
Description
This update of tomcat5 fixed the following security issues :
- tomcat: cnonce tracking weakness. (CVE-2012-5885)
- tomcat: stale nonce weakness. (CVE-2012-5887)
- tomcat: authentication caching weakness. (CVE-2012-5886)
- tomcat: affected by slowloris DoS. (CVE-2012-5568)
- tomcat: Bypass of security constraints. (CVE-2012-3546)
Solution
Apply ZYPP patch number 8397.