关键漏洞信息 Title: HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) Potential Security Impact: Remote information disclosure Authentication bypass Cross-site scripting (XSS) Unauthorized access Denial of Service (DoS) Vulnerability Summary: Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. References: CVE-2011-3190 CVE-2011-2729 CVE-2011-2526 CVE-2011-2204 CVE-2011-0013 CVE-2010-4476 CVE-2010-3718 Affected Versions: HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.19 or earlier Resolution: HP has provided the following software updates to resolve the vulnerabilities: Update and install HP-UX Web Server Suite v3.20 or subsequent. Software updates are available for download from http://software.hp.com CVSS 2.0 Base Metrics: Action: Install revision B.5.5.34.01 or subsequent.