Oval Definition: oval:org.mitre.oval:def:23491
Revision Date: 2014-05-26
Version: 28
Title: ELSA-2013:0640: tomcat5 security update (Important)
Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s):
CVE-2012-3546
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887
ELSA-2013:0640-00
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
    • tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5 is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.38.el5_9
    • OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.38.el5_9