Nessus Plugin #15007
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[DSA170] DSA-170-1 tomcat4
- Family: Debian Local Security Checks
- Category: infos
- Copyright: This script is (C) 2004 Michel Arboi
- Summary: DSA-170-1 tomcat4
- Version: $Revision: 1.4 $
- Cve_id: CVE-2002-1148
- Bugtraq_id: 5786
- Xrefs: DSA:170
- Description:
A security vulnerability has been found in all Tomcat 4.x releases.
This problem allows an attacker to use a specially crafted URL to
return the unprocessed source code of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraints, without the need for being properly
authenticated.
This problem has been fixed in version 4.0.3-3woody1 for the current
stable distribution (woody) and in version 4.1.12-1 for the unstable
release (sid). The old stable release (potato) does not contain
tomcat packages. Also, packages for tomcat3 are not vulnerable to
this problem.
We recommend that you upgrade your tomcat package immediately.
Solution : http://www.debian.org/security/2002/dsa-170
Risk factor : High
Generated on 27.04.2005 at 18:49:54.