Oval Definition: oval:org.mitre.oval:def:20966
Revision Date: 2014-02-17
Version: 66
Title: RHSA-2013:0640: tomcat5 security update (Important)
Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2013:0640, CVE-2012-3546, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, RHSA-2013:0640-00
Platform(s): CentOS Linux 5, Red Hat Enterprise Linux 5
Product(s): tomcat5
Definition Synopsis
  • Redhat 5 or Centos 5 release
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
      • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5 is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.38.el5_9
      • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.38.el5_9