Several security vulnerabilities have been discovered in the Apache Tomcat software package. Tomcat is a web application server that serves as the platform for the Java Servlet and JavaServer Pages technologies. The more significant flaws stem from incorrect handling of WAR file names and from improper handling of a malformed "Transfer-Encoding" header. They allow a remote attacker to carry out denial-of-service attacks, disclose sensitive information and manipulate arbitrary files. For further details, reading the original advisory is recommended. Users are encouraged to apply the update.
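As an added illustration (not code from the original advisory, from Tomcat or from VMware), the following Python example shows the kind of check a WAR deployer should apply to every archive entry name before writing it to disk, since a name that escapes the deployment directory lets an archive create, overwrite or delete files elsewhere on the host. The advisory does not describe the exact flaw, so the archive contents, the function names and the rejection rules below are this example's own assumptions.

```python
"""Check WAR archive entry names for directory traversal before deployment.

Added example for this advisory page; it is not Tomcat or VMware code.
The archive used below is constructed in memory purely for the demonstration.
"""
import io
import zipfile


def entry_is_safe(name: str) -> bool:
    """Return True only if a zip entry name stays under the extraction root.

    Rejected: empty names, embedded NULs, absolute paths, backslash
    separators (Windows paths), drive/scheme colons, and any '..'
    path component. Checking components rather than substrings keeps
    legitimate names such as 'WEB-INF/lib/foo..bar.jar' deployable.
    """
    if not name or "\x00" in name:
        return False
    if name.startswith("/") or "\\" in name or ":" in name:
        return False
    return ".." not in name.split("/")


def audit_war(war_bytes: bytes) -> dict[str, list[str]]:
    """Classify every entry of an in-memory WAR as safe or rejected."""
    result: dict[str, list[str]] = {"safe": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            result["safe" if entry_is_safe(name) else "rejected"].append(name)
    return result


def safe_extract(war_bytes: bytes, root: str) -> None:
    """Refuse the whole archive if any entry is unsafe, otherwise extract it.

    Rejecting the entire WAR (instead of skipping bad entries) avoids
    deploying a half-written application.
    """
    audit = audit_war(war_bytes)
    if audit["rejected"]:
        raise ValueError(f"refusing WAR with traversal entries: {audit['rejected']}")
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        war.extractall(root)


def build_sample_war() -> bytes:
    """Constructed test archive: three normal entries and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("index.jsp", "<%= 1 + 1 %>")
        war.writestr("WEB-INF/lib/foo..bar.jar", "PK")          # '..' inside a name is fine
        war.writestr("../../conf/server.xml", "<Server/>")       # escapes the webapps directory
        war.writestr("/etc/passwd", "root:x:0:0::/root:/bin/sh")  # absolute path
    return buf.getvalue()


if __name__ == "__main__":
    audit = audit_war(build_sample_war())
    print("safe:    ", audit["safe"])
    print("rejected:", audit["rejected"])
```

The same component-wise check belongs in front of any code path that turns an untrusted archive or upload name into a filesystem path; a substring test for ".." alone would either miss backslash variants or wrongly reject names that merely contain two dots.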
VMware vCenter / ESX Server Apache Tomcat Multiple Vulnerabilities
Secunia Advisory: SA43310
Release Date: 2011-02-11
Criticality level: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Partial Fix
Operating System: VMware ESX Server 4.x
Software: VMware vCenter Server 4.x
CVE Reference(s): CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227
Description
Some vulnerabilities have been reported in VMware vCenter / ESX Server, which can be exploited by malicious users and malicious people to manipulate certain data, and by malicious people to disclose system information, gain access to potentially sensitive information, and cause a DoS (Denial of Service).
For more information: SA38316, SA39574
Solution
Apply patches if available.
Original Advisory
VMSA-2011-0003:
http://www.vmware.com/security/advisories/VMSA-2011-0003.html