24 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

MiracleLinux 3 : tomcat5-5.5.23-0jpp.38.0.1.AXS3 (AXSA:2013-370:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-370:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Jav...

CVSS 5, AI score 6.3, EPSS 0.12098
Exploits 3, References 5

SUSE CVE
added 2023/02/15 5:43 a.m., 3 views

SUSE CVE-2012-5885

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easi...

CVSS 5, AI score 5, EPSS 0.0898
Exploits 0, References 4

OpenVAS
added 2021/06/09 12:0 a.m., 28 views

SUSE: Security Advisory (SUSE-SU-2013:0226-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 8, EPSS 0.12098
Exploits 7, References 2

OpenVAS
added 2021/06/09 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2013:0228-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 8, EPSS 0.12098
Exploits 5, References 2

IBM Security Bulletins
added 2021/04/28 6:35 p.m., 28 views

Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

Summary Vulnerabilities have been identified in IBM Rational Team Concert RTC, IBM Rational Quality Manager RQM, and IBM Rational Requirements Composer RRC versions 4.0 and 4.0.1 and the Rational Collaborative Lifecycle Management Solution CLM, allowing a remote attacker to bypass access...

CVSS 5, AI score 1.2, EPSS 0.12098
Exploits 2, Affected Software 4

OpenVAS
added 2015/10/06 12:0 a.m., 29 views

Oracle: Security Advisory (ELSA-2013-0623)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 6.7, EPSS 0.12098
Exploits 5, References 2

Tenable Nessus
added 2013/03/15 12:0 a.m., 36 views

RHEL 5 / 6 : jbossweb (RHSA-2013:0647)

Updated jbossweb packages for JBoss Enterprise Application Platform 6.0.1 that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

CVSS 5, AI score 6.2, EPSS 0.12098
Exploits 3, References 9

OpenVAS
added 2013/03/15 12:0 a.m., 38 views

RedHat Update for tomcat5 RHSA-2013:0640-01

The remote host is missing an update for the Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5, AI score 6.7, EPSS 0.12098
Exploits 3, References 2

Tenable Nessus
added 2013/03/14 12:0 a.m., 40 views

CentOS 5 : tomcat5 (CESA-2013:0640)

Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

CVSS 5, AI score 6.2, EPSS 0.12098
Exploits 3, References 5

Tenable Nessus
added 2013/03/13 12:0 a.m., 37 views

Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130311)

It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by...

CVSS 5, AI score 6.2, EPSS 0.12098
Exploits 4, References 6

Tenable Nessus
added 2013/03/13 12:0 a.m., 45 views

CentOS 6 : tomcat6 (CESA-2013:0623)

Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

CVSS 5, AI score 6.2, EPSS 0.12098
Exploits 4, References 6

RedHat Linux
added 2013/03/11 6:33 p.m., 41 views

Moderate: Red Hat Security Advisory: jbossweb security update

Updated jbossweb packages for JBoss Enterprise Application Platform 5.2.0 which fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...

CVSS 5, AI score 6.1, EPSS 0.12098
Exploits 2, References 2

RedHat Linux
added 2013/03/11 6:33 p.m., 35 views

Moderate: Red Hat Security Advisory: jbossweb security update

Updated jbossweb packages for JBoss Enterprise Web Platform 5.2.0 which fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS ba...

CVSS 5, AI score 6.1, EPSS 0.12098
Exploits 2, References 2

Oracle linux
added 2013/03/11 12:0 a.m., 59 views

tomcat6 security update

0:6.0.24-52 - Related: rhbz 882010 rhbz 883692 rhbz 883705 - Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate - to avoid building on ppc64, ppc, and x390x. 0:6.0.24-50 - Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 - three DIGEST...

CVSS 5, AI score 1.9, EPSS 0.12098
Exploits 5

Tenable Nessus
added 2013/02/04 12:0 a.m., 37 views

SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 8397)

This update of tomcat5 fixed the following security issues : - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: stale nonce weakness. CVE-2012-5887 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat: affected by slowloris DoS. CVE-2012-5568 - tomcat: Bypass of security...

CVSS 5, AI score 6, EPSS 0.12098
Exploits 5, References 10

Tenable Nessus
added 2013/02/04 12:0 a.m., 39 views

SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

This update of tomcat6 fixes the following security issues : - denial of service. CVE-2012-4534 - tomcat: HTTP NIO connector OOM DoS via a request with large headers. CVE-2012-2733 - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat:...

CVSS 5, AI score 6.1, EPSS 0.12098
Exploits 7, References 24

securityvulns
added 2012/11/26 12:0 a.m., 75 views

[USN-1637-1] Tomcat vulnerabilities

========================================================================== Ubuntu Security Notice USN-1637-1 November 21, 2012 tomcat6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 5, AI score 0.2, EPSS 0.12098
Exploits 3

Tenable Nessus
added 2012/11/21 12:0 a.m., 153 views

Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses

According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.36. It is, therefore, affected by the following vulnerabilities : - Replay-countermeasure functionality in HTTP Digest Access Authentication tracks cnonce values instead...

CVSS 5, AI score 5.8, EPSS 0.12098
Exploits 2, References 4

Tenable Nessus
added 2012/11/21 12:0 a.m., 81 views

Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the parseHeaders function that allows for a crafted header to cause a remote...

CVSS 5, AI score 6.1, EPSS 0.12098
Exploits 5, References 11

NVD
added 2012/11/17 7:55 p.m., 24 views

CVE-2012-5885

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easi...

CVSS 5, AI score 6.5, EPSS 0.0898
Exploits 0, References 26