Oval Definition: oval:org.mitre.oval:def:21075
Revision Date: 2014-02-17
Version: 80
Title: RHSA-2013:0623: tomcat6 security update (Important)
Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s):
CESA-2013:0623
CVE-2012-3546
CVE-2012-4534
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887
RHSA-2013:0623-01
Platform(s):
CentOS Linux 6
Red Hat Enterprise Linux 6
Product(s): tomcat6
Definition Synopsis
  • Redhat 6 or Centos 6 release
    • The operating system installed on the system is Red Hat Enterprise Linux 6
    • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
    • tomcat6-jsp-2.1-api is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-webapps is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-docs-webapp is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-lib is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-javadoc is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-el-2.1-api is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-servlet-2.5-api is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6-admin-webapps is earlier than 0:6.0.24-52.el6_4
    • OR tomcat6 is earlier than 0:6.0.24-52.el6_4