SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 8397)
medium Nessus Plugin ID 64431
Language:
Synopsis
The remote SuSE 10 host is missing a security-related patch.Description
This update of tomcat5 fixed the following security issues :- tomcat: cnonce tracking weakness. (CVE-2012-5885)
- tomcat: stale nonce weakness. (CVE-2012-5887)
- tomcat: authentication caching weakness. (CVE-2012-5886)
- tomcat: affected by slowloris DoS. (CVE-2012-5568)
- tomcat: Bypass of security constraints. (CVE-2012-3546)
Solution
Apply ZYPP patch number 8397.See Also
http://support.novell.com/security/cve/CVE-2012-3546.html
http://support.novell.com/security/cve/CVE-2012-5568.html
http://support.novell.com/security/cve/CVE-2012-5885.html
Plugin Details
Severity: Medium
ID: 64431
File Name: suse_tomcat5-8397.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/4/2013
Updated: 1/19/2021
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:suse:suse_linux
Required KB Items: Host/local_checks_enabled, Host/SuSE/rpm-list, Host/cpu, Host/SuSE/release
Patch Publication Date: 12/13/2012
Reference Information
CVE: CVE-2012-3546, CVE-2012-5568, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887