Detections
Analytics
Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 6832
Synopsis
The remote web server is affected by multiple vunerabilities.Description
Versions of Apache Tomcat earlier than 6.0.37 are potentially affected by multiple vulnerabilities :- An error exists related to chunked transfer encoding and extensions that could allow limited denial of service attacks. (CVE-2012-3544)
- An error exists related to HTML form authentication and session fixation that could allow an attacker to carry out requests using a victim's credentials. (CVE-2013-2067)
Solution
Upgrade to Apache Tomcat 6.0.37 or later.See Also
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.37
Plugin Details
Severity: Medium
ID: 6832
Family: Web Servers
Published: 5/20/2013
Updated: 3/6/2019
Nessus ID: 66670
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apache:tomcat
Patch Publication Date: 5/3/2013
Vulnerability Publication Date: 5/10/2013
Reference Information
CVE: CVE-2012-3544
BID: 59797