tomcat6-6.0.24-57.AXS4
Errata ID: AXSA:2013-491:04
Release date:
2013/06/24 Monday - 21:51
Title:
tomcat6-6.0.24-57.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Asianux Server 4 for ppc
Severity:
High
Description:
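The following issues have been addressed.
[Security Fix]
- java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature of Apache Tomcat does not properly handle the relationship between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form. (CVE-2013-2067)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.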
CVE:
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
Additional information:
N/A
Downloads:
SRPMS
- tomcat6-6.0.24-57.AXS4.src.rpm
MD5: e8a187845d2df08e7123e0d6d6a0f367
SHA-256: da7b0fcd219ad69fd9183f5dde74c297abb607e7ef38dcd3f563df63ed77101a
Size: 3.36 MB
Asianux Server 4 for x86
- tomcat6-6.0.24-57.AXS4.noarch.rpm
MD5: 9283e7896938261e45daea34115b10e9
SHA-256: 79581847d38d696dbb85981069a0eae6cc86c9b672c8fc6c5bb4a8aaac3fc576
Size: 88.57 kB
- tomcat6-el-2.1-api-6.0.24-57.AXS4.noarch.rpm
MD5: 97256e6e6bcda485fa5ec7c264c81468
SHA-256: afa1bbb1dc600a1867a08d0ece91951678bfb4767c99f4bdc008265a7f4f32dd
Size: 44.52 kB
- tomcat6-jsp-2.1-api-6.0.24-57.AXS4.noarch.rpm
MD5: ee922414d125fafd57984e03cd9eafd5
SHA-256: 19ea5f65d409c975e194214830e015cd1e2a1c991a12798418558b73a4069ed9
Size: 81.42 kB
- tomcat6-lib-6.0.24-57.AXS4.noarch.rpm
MD5: 1897e16d47b2009bbe224cb718d4c82e
SHA-256: ccbc9501fe66ba62546d54fee1a9974f9c8509d33e5904ab5f4321f3ad74c0a9
Size: 2.82 MB
- tomcat6-servlet-2.5-api-6.0.24-57.AXS4.noarch.rpm
MD5: 864323be2eddcd2d4be3dc2e8e072067
SHA-256: 40ec1850685ade4f03f6e663b165e36111b013f9278cd361ee2347947d667dc7
Size: 95.30 kB
Asianux Server 4 for x86_64
- tomcat6-6.0.24-57.AXS4.noarch.rpm
MD5: f72df37101a7e14ff2446082318b70ce
SHA-256: 3032c9a10dd60b27ac905102cfbf87c5d02ca6198b6d1e82ff3f38a774bdde1f
Size: 88.11 kB
- tomcat6-el-2.1-api-6.0.24-57.AXS4.noarch.rpm
MD5: 26acdd626031fd73beec39441ece15b1
SHA-256: 41d7ff9c7544ef1f3332beaf7a7d359fec069ba5f40f5e104f196dca94beea30
Size: 44.07 kB
- tomcat6-jsp-2.1-api-6.0.24-57.AXS4.noarch.rpm
MD5: a24e5c2e23ba2c28f45c480634a2137c
SHA-256: 7f5373d3fafe8859bcfb409dbe001a00fdd0c81ec7ce3b968901147c781d1dd9
Size: 80.97 kB
- tomcat6-lib-6.0.24-57.AXS4.noarch.rpm
MD5: 2266c3fe0d4190f379a883736c57e02e
SHA-256: 6018119752632e2179954b729131abdc630bf0c9f97a02cac2b5d49038a79e7e
Size: 2.82 MB
- tomcat6-servlet-2.5-api-6.0.24-57.AXS4.noarch.rpm
MD5: d4f63d10932302af401451f5dec29ce9
SHA-256: 7da89530c2c4a1e478f0e8c2c46eaf0006cf7279c88e0cb40b3962ecb53e183c
Size: 94.85 kB