tomcat6-6.0.24-36.AXS4
Errata ID: AXSA:2012-515:02
Release date:
2012/04/19 Thursday - 14:45
Title:
tomcat6-6.0.24-36.AXS4
Affected channels:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
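The following issues have been addressed.
[Security Fix]
- Apache Tomcat computes hash values without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. (CVE-2011-4858)
- Apache Tomcat uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values. Note that this is a different vulnerability from CVE-2011-4858. (CVE-2012-0022)
Some of the CVE translations are quoted from JVN.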
http://jvndb.jvn.jp
Solution:
Update the packages.
CVE:
CVE-2011-4858
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2012-0022
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Additional information:
N/A
Download:
SRPMS
- tomcat6-6.0.24-36.AXS4.src.rpm
MD5: 8c5fc91027bccfaf9af8418caeebe635
SHA-256: d21f527a6c6b12f7decc02df2672cdb7c2667bad201c915b04eb6eb54fb08796
Size: 3.34 MB
Asianux Server 4 for x86
- tomcat6-6.0.24-36.AXS4.noarch.rpm
MD5: 3c2ba6d3a758de5bdd11f78a1afbd612
SHA-256: a25550a622f15a30d27601ff90c0a62868adf933d15bf0f04d8be083b8584e83
Size: 86.09 kB
- tomcat6-el-2.1-api-6.0.24-36.AXS4.noarch.rpm
MD5: 87fb40c2f75fa1dd0061176c43b0154a
SHA-256: 879f27bc2626e3be107511bfec01d171559bfd56a33785999c396911514fbf92
Size: 41.46 kB
- tomcat6-jsp-2.1-api-6.0.24-36.AXS4.noarch.rpm
MD5: 02d861e415977e7a40ada08910c997e1
SHA-256: ecf8a80a4422eb05be50dea46ee8de00ea6e156ec918e1aaa17d9fde2a985a16
Size: 78.34 kB
- tomcat6-lib-6.0.24-36.AXS4.noarch.rpm
MD5: 6d235933c2d9c8f03fcecb83c3cb9d41
SHA-256: acf759547a90b88de692e5af79d961b4b9bccadb598f633683104ccec3a73c14
Size: 2.82 MB
- tomcat6-servlet-2.5-api-6.0.24-36.AXS4.noarch.rpm
MD5: a1df1122344f9b12a2b59542a388c8bf
SHA-256: 6593aa4899034781f46b834dc37671dc4b670a94c9d940377b005e5f0824edaf
Size: 92.23 kB
Asianux Server 4 for x86_64
- tomcat6-6.0.24-36.AXS4.noarch.rpm
MD5: ea13474a0df84237a1aef3e0db00ee84
SHA-256: 28345b96036bce6930e64c4dc41199771cda378df1ca8313d08f48e164d6b3bf
Size: 85.62 kB
- tomcat6-el-2.1-api-6.0.24-36.AXS4.noarch.rpm
MD5: 7b657c359308f167fe6fda1aa6608e82
SHA-256: fe9441ca670b564c7a86394de4ab928b8dc93a5d76c79df8bb290cdb11819e91
Size: 41.00 kB
- tomcat6-jsp-2.1-api-6.0.24-36.AXS4.noarch.rpm
MD5: 32806e0648498cd843cbc162c158ed9d
SHA-256: b66aa023a7f1906ca64c257ef06e7d1d48b2849b40481392e31b036651d52ad5
Size: 77.89 kB
- tomcat6-lib-6.0.24-36.AXS4.noarch.rpm
MD5: 3232b374578da1d48a0d060bd83aaca5
SHA-256: 30d164553bc665c28b3e7b79265a44b3ed9389fb4734c7d0d05cbb4187c3d9b5
Size: 2.82 MB
- tomcat6-servlet-2.5-api-6.0.24-36.AXS4.noarch.rpm
MD5: d9e22d843c35012780a7a9b4b3d5041d
SHA-256: c98dfa3f651fbb498caa19ab0b332cfdef426c4a46fe270f82f7e84b96326909
Size: 91.78 kB