Tenable6332.PASL

HistoryFeb 22, 2012 - 12:00 a.m.

Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities

2012-02-2200:00:00

Tenable

www.tenable.com

According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.35. It is, therefore, affected by multiple vulnerabilities:

Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. (CVE-2011-3190)
An information disclosure vulnerability exists. Request information is cached in two objects and these objects are not recycled at the same time. Further requests can obtain sensitive information if certain error conditions occur. (CVE-2011-3375)
Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. (CVE-2011-4858, CVE-2012-0022)

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.

Binary data 6332.pasl

VendorProductVersionCPE
apachetomcatcpe:/a:apache:tomcat

Vendor	Product	Version	CPE
apache	tomcat		cpe:/a:apache:tomcat

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190

issues.apache.org/bugzilla/show_bug.cgi?id=51698#c2,svn.apache.org/viewvc?view=revision&revision=1162959,http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.35,http://www.nruns.com/_downloads/advisory28122011.pdf

nessus 50

openvas 44

ubuntu 2

tomcat 6

redhat 12

cve 5

github 4

prion 4

centos 3

osv 5

ubuntucve 4

debiancve 4

oraclelinux 3

securityvulns 9

debian 1

checkpoint_advisories 1

seebug 4

freebsd 1

ibm 8

vmware 2

fedora 4

amazon 1

exploitpack 1

exploitdb 1

gentoo 1

oracle 1

nessus

Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities

2011-12-12 00:00:00

Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities

2012-02-22 00:00:00

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)

2012-02-14 00:00:00

openvas

Ubuntu Update for tomcat6 USN-1359-1

2012-02-21 00:00:00

Ubuntu Update for tomcat6 USN-1359-1

2012-02-21 00:00:00

CentOS Update for tomcat6 CESA-2012:0475 centos6

2012-07-30 00:00:00

ubuntu

Tomcat vulnerabilities

2012-02-13 00:00:00

Tomcat vulnerabilities

2011-11-08 00:00:00

tomcat

Fixed in Apache Tomcat 6.0.35

2011-12-05 00:00:00

Fixed in Apache Tomcat 7.0.21

2011-09-01 00:00:00

Fixed in Apache Tomcat 5.5.35

2012-01-16 00:00:00

redhat

(RHSA-2012:0474) Moderate: tomcat5 security update

2012-04-11 00:00:00

(RHSA-2012:0475) Moderate: tomcat6 security update

2012-04-11 00:00:00

(RHSA-2012:0682) Moderate: tomcat6 security and bug fix update

2012-05-21 00:00:00

cve

CVE-2012-0022

2012-01-19 04:01:00

CVE-2011-4858

2012-01-05 19:55:00

CVE-2011-3190

2011-08-31 23:55:00

github

Denial of Service in Apache Tomcat

2022-05-04 00:27:43

Improper Input Validation in Apache Tomcat

2022-05-14 03:52:45

Apache Tomcat Allows Remote Attackers to Spoof AJP Requests

2022-05-14 01:17:02

prion

Design/Logic Flaw

2012-01-19 04:01:00

Code injection

2012-01-05 19:55:00

Authentication flaw

2011-08-31 23:55:00

centos

tomcat5 security update

2012-04-11 19:16:37

tomcat6 security update

2012-04-11 20:13:41

tomcat6 security update

2011-12-22 16:00:12

osv

Denial of Service in Apache Tomcat

2022-05-04 00:27:43

tomcat6 - several

2012-02-02 00:00:00

Improper Input Validation in Apache Tomcat

2022-05-14 03:52:45

ubuntucve

CVE-2012-0022

2012-01-18 00:00:00

CVE-2011-4858

2012-01-05 00:00:00

CVE-2011-3190

2011-08-31 00:00:00

debiancve

CVE-2012-0022

2012-01-19 04:01:00

CVE-2011-4858

2012-01-05 19:55:00

CVE-2011-3190

2011-08-31 23:55:00

oraclelinux

tomcat6 security update

2012-04-11 00:00:00

tomcat5 security update

2012-04-11 00:00:00

tomcat6 security and bug fix update

2011-12-05 00:00:00

securityvulns

Apache Tomcat security vulnerabilities

2012-01-20 00:00:00

Apache Tomcat information leakage and unauthorized access

2011-08-30 00:00:00

[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

2011-08-30 00:00:00

debian

[SECURITY] [DSA 2401-1] tomcat6 security update

2012-02-02 19:29:50

checkpoint_advisories

Apache Tomcat Parameter Hash Collision Denial of Service - Ver2 (CVE-2011-4858)

2014-04-16 00:00:00

seebug

Apache Tomcat Request Information Disclosure

2012-01-18 00:00:00

Apache Tomcat请求对象安全限制绕过漏洞

2012-02-04 00:00:00

Apache Tomcat Large Number Denial Of Service

2012-01-18 00:00:00

freebsd

tomcat -- Denial of Service

2011-10-21 00:00:00

ibm

Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: Tivoli Key Lifecycle Manager can be affected by multiple vulnerabilities in Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)

2022-09-25 21:06:56

Security Bulletin: Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component

2022-09-26 03:29:56

vmware

VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues

2012-03-15 00:00:00

VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

2012-03-15 00:00:00

fedora

[SECURITY] Fedora 16 Update: tomcat6-6.0.32-17.fc16

2011-10-19 04:35:58

[SECURITY] Fedora 15 Update: tomcat6-6.0.32-8.fc15

2011-10-20 09:58:03

[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15

2011-11-10 17:33:27

amazon

Important: tomcat6

2011-12-02 22:21:00

exploitpack

PHP Hash Table Collision - Denial of Service (PoC)

2012-01-03 00:00:00

exploitdb

PHP Hash Table Collision - Denial of Service (PoC)

2012-01-03 00:00:00

gentoo

Apache Tomcat: Multiple vulnerabilities

2012-06-24 00:00:00

oracle

Oracle Critical Patch Update - January 2013

2013-01-15 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for 6332.PASL