Summary
The remote host is missing an update to tomcat5.5
announced via advisory DSA 2207-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1
Insight
Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found at
http://tomcat.apache.org/security-5.html.
For the oldstable distribution (lenny), this problem has been fixed in version 5.5.26-5lenny2.
The stable distribution (squeeze) no longer contains tomcat5.5. tomcat6 is already fixed.
The unstable distribution (sid) no longer contains tomcat5.5. tomcat6 is already fixed.
We recommend that you upgrade your tomcat5.5 packages.
Severity
Classification
-
CVE CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P
Related Vulnerabilities