Amazon Linux AMI : tomcat7 (ALAS-2013-191)

Nessus Plugin ID 69749 (Severity: Low)

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Solution

Run 'yum update tomcat7' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2013-191.html

Plugin Details

Severity: Low

ID: 69749

File Name: ala_ALAS-2013-191.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2013/09/04

Updated: 2018/04/18

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:tomcat7, p-cpe:/a:amazon:linux:tomcat7-admin-webapps, p-cpe:/a:amazon:linux:tomcat7-docs-webapp, p-cpe:/a:amazon:linux:tomcat7-el-2.2-api, p-cpe:/a:amazon:linux:tomcat7-javadoc, p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api, p-cpe:/a:amazon:linux:tomcat7-lib, p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api, p-cpe:/a:amazon:linux:tomcat7-webapps, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 2013/05/24

Reference Information

CVE: CVE-2013-2071

ALAS: 2013-191