10 matches found
RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)
Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. ...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the...
SLES9: Security update for Tomcat
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-jakarta-tomcat-connectors jakarta-tomcat-doc apache-jakarta-tomcat-connectors jakarta-tomcat jakarta-tomcat-examples For more information, please vis...
SuSE9 Security Update : Tomcat (YOU Patch Number 12116)
This update of Tomcat fixes cross-site scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers. CVE-2007-1858 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
openSUSE 10 Security Update : tomcat55 (tomcat55-5069)
This update of tomcat fixes cross-site-scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers CVE-2007-1858. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-5066)
This update of tomcat improves the list of supported SSL ciphers CVE-2007-1858. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update apache2-modjk-5066. The text description of this plugin is C SUS...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)
This update of tomcat fixes cross-site scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers. CVE-2007-1858 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
openSUSE 10 Security Update : tomcat5 (tomcat5-5071)
This update of tomcat fixes cross-site-scripting bugs CVE-2007-2449 as well as it improves the list of supported SSL ciphers CVE-2007-1858. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2007-1858
CVE-2007-1858 affects Apache Tomcat 4.1.28–4.1.31, 5.0.0–5.0.30, and 5.5.0–5.5.17 where the default SSL cipher configuration uses insecure ciphers (including anonymous), enabling remote attackers to obtain sensitive information or cause other impacts. Connected sources confirm Tomcat security upd...
Fixed in Apache Tomcat 5.5.17, 5.0.SVN
Important: Information disclosure CVE-2007-1858 The default SSL configuration permitted the use of insecure cipher suites including the anonymous cipher suite. The default configuration no longer permits the use of insecure cipher suites. Affects: 5.0.0-5.0.30, 5.5.0-5.5.16...