Oracle: Security Advisory (ELSA-2013-0640)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-91-2 tomcat6 - regression update

Bulletin has no description...

[SECURITY] [DLA 91-1] tomcat6 security update

Package : tomcat6 Version : 6.0.41-2+squeeze5 CVE ID : CVE-2012-3439 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 Debian Bugs : 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 682955 687818 692440 695250 713796 717279 This is an upgrade from tomcat...

Oracle Linux 6 : tomcat6 (ELSA-2013-0869)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0869 advisory. - Related: rhbz955976 CVE-2013-1976. Changed log location - Resolves: rhbz956771 Related: CVE-2012-3439 digest - Resolves: rhbz955976 CVE-2013-1976...

tomcat6 security update

0:6.0.24-55 - Related: rhbz955976 CVE-2013-1976. Changed log location - so only root can use it. Touching TOMCATLOG is no longer - required 0:6.0.24-54 - Resolves: rhbz956771 Related: CVE-2012-3439 digest - authentication broken after errata for cve-2012-3439 - patch for 3439 corrected 0:6.0.24-5...

tomcat5 security update

0:5.5.23-0jpp.38 - Resolves: CVE-2012-3439 rhbz882008 three DIGEST authentication - implementation - Resolves: CVE-2012-3546, rhbz913034 Bypass of security constraints. - Remove unneeded handling of FORM authentication in RealmBase...

tomcat6 security update

0:6.0.24-52 - Related: rhbz 882010 rhbz 883692 rhbz 883705 - Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate - to avoid building on ppc64, ppc, and x390x. 0:6.0.24-50 - Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 - three DIGEST...

FreeBSD Ports: tomcat

The remote host is missing an update to the system as announced in the referenced advisory. Copyright C 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...

CVE-2012-3439

...

CVE-2012-3439

CVE-2012-3439 is rejected/not used; refer to CVE-2012-5885/5886/5887.

Apache Tomcat DIGEST身份验证多个安全漏洞(CVE-2012-3439)

BUGTRAQ ID: 56403 CVE ID: CVE-2012-3439 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat 7.0.0-7.0.27、6.0.0-6.0.35、5.5.0-5.5.35存在多个安全漏洞，成功利用后可允许攻击者绕过安全限制并执行非法操作。 0 Apache Group Tomcat 7.x Apache Group Tomcat 6.x Apache Group Tomcat 5.x 厂商补丁： Apache Group ------------ 请更新到5.5.36、6.0.36、7.0.30...

Fixed in Apache Tomcat 6.0.36

Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

Fixed in Apache Tomcat 5.5.36

Moderate: DIGEST authentication weakness CVE-2012-3439 Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: 1. Tomcat tracked client rather than server nonces and nonce count. 2. When a session ID was present, authentication was bypassed. 3. The user...