Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2013:0869
HistoryMay 28, 2013 - 12:00 a.m.

(RHSA-2013:0869) Important: tomcat6 security update

2013-05-2800:00:00
access.redhat.com
19

EPSS

0.003

Percentile

71.6%

JSON

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way the tomcat6 init script handled the
tomcat6-initd.log log file. A malicious web application deployed on Tomcat
could use this flaw to perform a symbolic link attack to change the
ownership of an arbitrary system file to that of the tomcat user, allowing
them to escalate their privileges to root. (CVE-2013-1976)

Note: With this update, tomcat6-initd.log has been moved from
/var/log/tomcat6/ to the /var/log/ directory.

It was found that the RHSA-2013:0623 update did not correctly fix
CVE-2012-5887, a weakness in the Tomcat DIGEST authentication
implementation. A remote attacker could use this flaw to perform replay
attacks in some circumstances. Additionally, this problem also prevented
users from being able to authenticate using DIGEST authentication.
(CVE-2013-2051)

Red Hat would like to thank Simon Fayer of Imperial College London for
reporting the CVE-2013-1976 issue.

Users of Tomcat are advised to upgrade to these updated packages, which
correct these issues. Tomcat must be restarted for this update to take
effect.

OSVersionArchitecturePackageVersionFilename
RedHat6srctomcat6< 6.0.24-55.el6_4tomcat6-6.0.24-55.el6_4.src.rpm
RedHat6noarchtomcat6-jsp-2.1-api< 6.0.24-55.el6_4tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-webapps< 6.0.24-55.el6_4tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-el-2.1-api< 6.0.24-55.el6_4tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-lib< 6.0.24-55.el6_4tomcat6-lib-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-servlet-2.5-api< 6.0.24-55.el6_4tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6< 6.0.24-55.el6_4tomcat6-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-admin-webapps< 6.0.24-55.el6_4tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-docs-webapp< 6.0.24-55.el6_4tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm
RedHat6noarchtomcat6-javadoc< 6.0.24-55.el6_4tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm

Related

openvas 31
centos 4
nessus 44
cve 4
prion 3
debiancve 3
seebug 3
ubuntucve 3
cvelist 3
nvd 4
oraclelinux 4
amazon 1
veracode 2
osv 5
github 1
redhat 14
ibm 3
f5 2
ubuntu 1
mageia 1
securityvulns 2
debian 1
vmware 2
gentoo 1
openvas
openvas
CentOS Update for tomcat6 CESA-2013:0869 centos6
2013-05-31 00:00:00
CentOS Update for tomcat6 CESA-2013:0869 centos6
2013-05-31 00:00:00
RedHat Update for tomcat6 RHSA-2013:0869-01
2013-05-31 00:00:00
centos
centos
tomcat6 security update
2013-05-29 08:25:00
tomcat5 security update
2013-05-28 18:47:52
tomcat5 security update
2013-03-12 19:14:34
nessus
nessus
Oracle Linux 6 : tomcat6 (ELSA-2013-0869)
2013-07-12 00:00:00
CentOS 6 : tomcat6 (CESA-2013:0869)
2013-05-30 00:00:00
RHEL 6 : tomcat6 (RHSA-2013:0869)
2013-05-29 00:00:00
cve
cve
CVE-2013-2051
2013-07-09 17:55:00
CVE-2012-5887
2012-11-17 19:55:02
CVE-2013-1976
2013-07-09 17:55:00
prion
prion
Authentication flaw
2013-07-09 17:55:00
Authentication flaw
2012-11-17 19:55:00
Input validation
2013-07-09 17:55:00
debiancve
debiancve
CVE-2013-2051
2013-07-09 17:55:00
CVE-2012-5887
2012-11-17 19:55:00
CVE-2013-1976
2013-07-09 17:55:00
seebug
seebug
Apache Tomcat DIGEST Authentication重放攻击漏洞(CVE-2013-2051)
2013-05-30 00:00:00
Apache Tomcat摘要验证不完整修复安全漏洞
2013-06-01 00:00:00
Apache Tomcat 不安全临时文件处理漏洞(CVE-2013-1976)
2013-05-30 00:00:00
ubuntucve
ubuntucve
CVE-2013-2051
2013-07-09 00:00:00
CVE-2013-1976
2013-07-09 00:00:00
CVE-2012-5887
2012-11-17 00:00:00
cvelist
cvelist
CVE-2013-2051
2013-07-09 17:00:00
CVE-2012-5887
2012-11-17 19:00:00
CVE-2013-1976
2013-07-09 17:00:00
nvd
nvd
CVE-2013-2051
2013-07-09 17:55:00
CVE-2012-5887
2012-11-17 19:55:02
CVE-2013-1976
2013-07-09 17:55:00
oraclelinux
oraclelinux
tomcat6 security update
2013-05-28 00:00:00
tomcat5 security update
2013-05-28 00:00:00
tomcat5 security update
2013-03-12 00:00:00
amazon
amazon
Important: tomcat6
2013-06-11 22:44:00
veracode
veracode
Authentication Bypass
2019-05-02 04:55:34
Privilege Escalation
2019-01-15 08:53:56
osv
osv
Improper Authentication in Apache Tomcat
2022-05-17 01:38:30
tomcat6 - several
2013-07-18 00:00:00
tomcat-8.0.36-3.3 on GA media
2024-06-15 00:00:00
github
github
Improper Authentication in Apache Tomcat
2022-05-17 01:38:30
redhat
redhat
(RHSA-2013:0870) Important: tomcat5 security update
2013-05-28 00:00:00
(RHSA-2013:0871) Important: tomcat6 and tomcat7 security update
2013-05-28 17:26:19
(RHSA-2013:0872) Important: tomcat5 and tomcat6 security update
2013-05-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)
2021-04-28 18:35:50
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
2021-10-06 14:56:49
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
2022-06-16 21:33:31
f5
f5
K54891070 : Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887
2017-10-11 00:00:00
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2012-11-21 00:00:00
mageia
mageia
Updated tomcat6 packages fix multiple vulnerabilities and logging
2014-02-17 22:13:24
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2012-11-26 00:00:00
[USN-1637-1] Tomcat vulnerabilities
2012-11-26 00:00:00
debian
debian
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
vmware
vmware
VMware security updates for vCenter Server
2013-04-25 00:00:00
VMware security updates for vCenter Server
2013-04-25 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00

EPSS

0.003

Percentile

71.6%

JSON
Related for RHSA-2013:0869
openvas31centos4nessus44cve4prion3debiancve3seebug3ubuntucve3cvelist3nvd4oraclelinux4amazon1veracode2osv5github1redhat14ibm3f52ubuntu1mageia1securityvulns2debian1vmware2gentoo1