Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201206-24
HistoryJun 24, 2012 - 12:00 a.m.

Apache Tomcat: Multiple vulnerabilities

2012-06-2400:00:00
Gentoo Foundation
security.gentoo.org
72

0.971 High

EPSS

Percentile

99.8%

JSON

Background

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Description

Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.

Impact

The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.

Workaround

There is no known workaround at this time.

Resolution

All Apache Tomcat 6.0.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"

All Apache Tomcat 7.0.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/tomcat< 7.0.23UNKNOWN

Related

openvas 83
nessus 68
redhat 17
tomcat 8
centos 4
oraclelinux 5
securityvulns 4
fedora 5
cvelist 1
prion 1
ubuntucve 1
osv 1
github 1
openvas
openvas
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
2012-08-10 00:00:00
Debian Security Advisory DSA 2401-1 (tomcat6)
2012-02-12 00:00:00
nessus
nessus
GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
2012-06-25 00:00:00
RHEL 5 / 6 : tomcat6 (RHSA-2012:0682)
2014-11-08 00:00:00
Debian DSA-2401-1 : tomcat6 - several vulnerabilities
2012-02-03 00:00:00
redhat
redhat
(RHSA-2012:0681) Moderate: tomcat6 security and bug fix update
2012-05-21 16:31:40
(RHSA-2012:0682) Moderate: tomcat6 security and bug fix update
2012-05-21 00:00:00
(RHSA-2012:0680) Moderate: tomcat5 security and bug fix update
2012-05-21 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.34
2011-09-22 00:00:00
Fixed in Apache Tomcat 6.0.33
2011-08-18 00:00:00
Fixed in Apache Tomcat 7.0.12
2011-04-06 00:00:00
centos
centos
tomcat5 security update
2011-12-20 19:18:57
tomcat6 security update
2011-12-22 16:00:12
tomcat5 security update
2009-07-29 17:30:22
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2011-12-05 00:00:00
tomcat5 security update
2011-12-20 00:00:00
tomcat5 security update
2012-04-11 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;
2010-05-20 00:00:00
HP Performance Manager multiple security vulnerabilities
2010-05-20 00:00:00
Apache Tomcat multiple security vulnerabilities
2009-06-14 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: tomcat6-6.0.26-27.fc14
2011-10-20 09:55:07
[SECURITY] Fedora 11 Update: tomcat6-6.0.20-1.fc11
2009-11-27 21:36:22
[SECURITY] Fedora 12 Update: tomcat6-6.0.20-1.fc12
2009-11-27 21:50:49
cvelist
cvelist
CVE-2011-1582
2011-05-20 22:00:00
prion
prion
Design/Logic Flaw
2011-05-20 22:55:00
ubuntucve
ubuntucve
CVE-2011-1582
2011-05-20 00:00:00
osv
osv
Access restriction bypass in Apache Tomcat
2022-05-14 02:55:47
github
github
Access restriction bypass in Apache Tomcat
2022-05-14 02:55:47

0.971 High

EPSS

Percentile

99.8%

JSON
Related for GLSA-201206-24
openvas83nessus68redhat17tomcat8centos4oraclelinux5securityvulns4fedora5cvelist1prion1ubuntucve1osv1github1