drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Tomcat
| Name: |
Ausführen beliebiger Kommandos in Tomcat |
|
| ID: |
USN-7242-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 14.04 LTS |
|
| Datum: |
Do, 30. Januar 2025, 23:09 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2016-8735 |
|
| Applikationen: |
Apache Tomcat |
|
Originalnachricht |
--===============1635044687041088204==
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
--=-=-=
Content-Type: text/plain
==========================================================================
Ubuntu Security Notice USN-7242-1
January 30, 2025
tomcat6 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Tomcat could be made to run programs if it received specially crafted
network traffic.
Software Description:
- tomcat6: Servlet and JSP engine
Details:
Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not
implement a recommended fix. A remote attacker could possibly use this
issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libservlet2.5-java 6.0.39-1ubuntu0.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7242-1
CVE-2016-8735
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQHZBAEBCgBDFiEEBcMY+nwS2CY71sUWc4vdAqvdlsYFAmebNkglHGdpYW1wYW9s
by5mcmVzaS5yb2dsaWFAY2Fub25pY2FsLmNvbQAKCRBzi90Cq92Wxmu0C/977cgM
kotIT604/KDO1fGliGhADDTu+XUIrMOeh1xnnp5O2D6WSevPeBkgJIK0xvmZSz84
V9+p8RcoTVf8eSCNUFD6n0bGlamVcAwrUFXFGwaA3k+950ILLXwDDOt5XXK7EAHR
jQZTiQ+QRyfggwNollrXHbzSU1xR/fHudxuh61LKbnN/oGOlXYByYSttVuxyVRll
DDI75vUvvigkXqQf7eB8g3D+bJUTqEKZSFdM+CNl3Itly4MVLauVa6oharlSwwNE
2tDtl2K6F3Dv6jxar3AlubNrmTKGeeZbsuCkFHcn9z6gf28R1KIUTUmh/eL6zJww
zSZOvjz182LIkAVVZdIyljdOw1s4w4cPos+uNI5ZDPLi3Isj3HUVqxiYE+g1nSEt
npzhQEm7kJhUrBqnPN2rsvfuI1RDddvGYkTuEIsO7yWmKwwWASTpXtj94WouhPtV
8jN5jre/zHrpnJSs3S/1c4oN4q5VltvAEsSTD16oUWeaFTXOxpXeTRa0D5g=
=8DXO
-----END PGP SIGNATURE-----
--=-=-=--
--===============1635044687041088204==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============1635044687041088204==--
|
|
|
|
