Description
ELSA-2013-0869: tomcat6 security update (IMPORTANT)
[0:6.0.24-55]
- Related: rhbz#955976 CVE-2013-1976. Changed log location so only root can use it. Touching TOMCAT_LOG is no longer required
[0:6.0.24-54]
- Resolves: rhbz#956771 Related: CVE-2012-3439 digest authentication broken after errata for cve-2012-3439 patch for 3439 corrected
[0:6.0.24-53]
- Resolves: rhbz#955976 CVE-2013-1976 improper TOMCAT_LOG management in init script
Updated packages
Oracle Linux 6
Oracle Linux x86_64
tomcat6                  6.0.24-55.el6_4
tomcat6-admin-webapps    6.0.24-55.el6_4
tomcat6-docs-webapp      6.0.24-55.el6_4
tomcat6-el-2.1-api       6.0.24-55.el6_4
tomcat6-javadoc          6.0.24-55.el6_4
tomcat6-jsp-2.1-api      6.0.24-55.el6_4
tomcat6-lib              6.0.24-55.el6_4
tomcat6-servlet-2.5-api  6.0.24-55.el6_4
tomcat6-webapps          6.0.24-55.el6_4
Oracle Linux i686
tomcat6                  6.0.24-55.el6_4
tomcat6-admin-webapps    6.0.24-55.el6_4
tomcat6-docs-webapp      6.0.24-55.el6_4
tomcat6-el-2.1-api       6.0.24-55.el6_4
tomcat6-javadoc          6.0.24-55.el6_4
tomcat6-jsp-2.1-api      6.0.24-55.el6_4
tomcat6-lib              6.0.24-55.el6_4
tomcat6-servlet-2.5-api  6.0.24-55.el6_4
tomcat6-webapps          6.0.24-55.el6_4
Related CVEs
Related vulnerabilities
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.