{"type": "atlassian", "published": "2013-05-21T00:23:31", "href": "https://jira.atlassian.com/browse/CONFSERVER-29345", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 6.8}, "viewCount": 3, "edition": 2, "reporter": "btom", "title": "Upgrade bundled Tomcat to 6.0.37", "affectedSoftware": [{"operator": "le", "version": "5.1.2", "name": "Confluence Server"}], "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-04-02T10:17:25", "rev": 2}, "dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRACLOUD-33563", "ATLASSIAN:CONF-29345", "ATLASSIAN:JRA-33563", "ATLASSIAN:JRASERVER-33563", "ATLASSIAN:CONFCLOUD-29345", "ATLASSIAN:BSERV-3475"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121315", "OPENVAS:864957", "OPENVAS:1361412562310841274", "OPENVAS:1361412562310892725", "OPENVAS:892725", "OPENVAS:136141256231072606", "OPENVAS:841274", "OPENVAS:841442", "OPENVAS:1361412562310864957", "OPENVAS:1361412562310841442"]}, {"type": "cve", "idList": ["CVE-2013-2071", "CVE-2013-2067", "CVE-2012-4534", "CVE-2012-4431", "CVE-2012-3546", "CVE-2012-3439", "CVE-2012-2071", "CVE-2012-2733", "CVE-2012-3544"]}, {"type": "nessus", "idList": ["FEDORA_2012-20151.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2014_CPU.NASL", "TOMCAT_6_0_36.NASL", "SOLARIS11_TOMCAT_20140401.NASL", "REDHAT-RHSA-2013-1012.NASL", "UBUNTU_USN-1841-1.NASL", "UBUNTU_USN-1685-1.NASL", "TOMCAT_7_0_28.NASL", "SUSE_11_TOMCAT6-130107.NASL", "DEBIAN_DSA-2725.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2725-1:3350C", "DEBIAN:DSA-2897-1:13B38"]}, {"type": "ubuntu", "idList": ["USN-1685-1", "USN-1841-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29397", "SECURITYVULNS:VULN:13080", "SECURITYVULNS:DOC:29398", "SECURITYVULNS:DOC:29396", "SECURITYVULNS:DOC:28803", "SECURITYVULNS:DOC:28802", "SECURITYVULNS:DOC:30327", "SECURITYVULNS:DOC:28773", "SECURITYVULNS:DOC:28804", "SECURITYVULNS:VULN:12747"]}, {"type": "thn", "idList": ["THN:109F3CE2A5819B3E1345F63EBB346D6C"]}, {"type": "seebug", "idList": ["SSV:60454", "SSV:60787", "SSV:60828", "SSV:60497"]}, {"type": "redhat", "idList": ["RHSA-2013:1012", "RHSA-2013:0266", "RHSA-2013:0265", "RHSA-2013:0267", "RHSA-2013:0623", "RHSA-2013:1011"]}, {"type": "vmware", "idList": ["VMSA-2013-0006"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0640", "ELSA-2013-0623"]}, {"type": "gentoo", "idList": ["GLSA-201412-29"]}, {"type": "centos", "idList": ["CESA-2013:0623"]}, {"type": "freebsd", "idList": ["134ACAA2-51EF-11E2-8E34-0022156E8794", "953911FE-51EF-11E2-8E34-0022156E8794"]}], "modified": "2017-04-02T10:17:25", "rev": 2}, "vulnersScore": 5.7}, "references": [], "id": "ATLASSIAN:CONFSERVER-29345", "lastseen": "2017-04-02T10:17:25", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "modified": "2017-04-02T08:19:27", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Server*. Using *Confluence Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version."}

{"atlassian": [{"lastseen": "2017-03-22T18:16:54", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "edition": 1, "description": "Customer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "modified": "2017-02-17T05:47:48", "published": "2013-05-21T00:23:31", "href": "https://jira.atlassian.com/browse/CONF-29345", "id": "ATLASSIAN:CONF-29345", "title": "Upgrade bundled Tomcat to 6.0.37", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T17:29:02", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Cloud*. Using *Confluence Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "edition": 4, "modified": "2017-04-02T08:19:29", "published": "2013-05-21T00:23:31", "id": "ATLASSIAN:CONFCLOUD-29345", "href": "https://jira.atlassian.com/browse/CONFCLOUD-29345", "title": "Upgrade bundled Tomcat to 6.0.37", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:35:29", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "description": "There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32:\r\n[CVE-2013-2067|http://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C518CB1D4.1020106@apache.org%3E]\r\n[CVE-2013-2071|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1CC.6070909@apache.org%3E]\r\n[CVE-2012-3544|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1D9.6020808@apache.org%3E] - Not reported for Tomcat 7.0.32\r\n\r\nStash should be bundled with the latest Tomcat version 7.0.40 to ensure it contains a fix for the above security vulnerabilities.\r\n", "edition": 5, "modified": "2013-09-15T23:05:13", "published": "2013-05-21T04:29:40", "id": "ATLASSIAN:BSERV-3475", "href": "https://jira.atlassian.com/browse/BSERV-3475", "title": "Upgrade bundled Tomcat due to security vulnerabilities", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:29:01", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-3546"], "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *JIRA Cloud*. Using *JIRA Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33563].\n {panel}\n\nCustomer did a Security Scan on the instance and founded the version (5.1.8) that he is using subjected to security vulnerabilities on bundled tomcat which is version 6.0.35. \n\nSecurity Vulnerabilities Information:\n* http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36\n\nSo customer considering to upgrade to latest JIRA version (6.0.2). However the tomcat version that come bundled with it (7.0.29) is still exposed to security vulnerabilities as stated on the follow documentation from tomcat:\n\n* http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.30\n\n{quote}\n*Important: Denial of service* CVE-2012-3544\nWhen processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server.\n\nThis was fixed in revisions 1378702 and 1378921.\n\nThis issue was reported to the Tomcat security team on 10 November 2011 and made public on 10 May 2013.\n\nAffects: 7.0.0-7.0.29\n\n*Moderate: DIGEST authentication weakness* CVE-2012-3439\nThree weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved:\n\n# Tomcat tracked client rather than server nonces and nonce count.\n# When a session ID was present, authentication was bypassed.\n# The user name and password were not checked before when indicating that a nonce was stale.\n\nThese issues reduced the security of DIGEST authentication making replay attacks possible in some circumstances.\n\nThis was fixed in revision 1377807.\n\nThe first issue was reported by Tilmann Kuhn to the Tomcat security team on 19 July 2012. The second and third issues were discovered by the Tomcat security team during the resulting code review. All three issues were made public on 5 November 2012.\n\nAffects: 7.0.0-7.0.29\n\n*Important: Bypass of security constraints* CVE-2012-3546\n\nWhen using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().\n\nThis was fixed in revision 1377892.\n\nThis issue was identified by the Tomcat security team on 13 July 2012 and made public on 4 December 2012.\n\nAffects: 7.0.0-7.0.29\n{quote}\n\nCustomer requested this information to be conveyed here and to change the future bundled version to a later version to avoid on the security vulnerabilities stated.\n\nCurrently the only way to bypass this security threat is by deploying WAR installation with later version of tomcat. ", "edition": 8, "modified": "2019-04-16T03:53:36", "published": "2013-06-19T09:30:24", "id": "ATLASSIAN:JRACLOUD-33563", "href": "https://jira.atlassian.com/browse/JRACLOUD-33563", "title": "Upgrade bundled Tomcat to the latest minor release", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:29:01", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-3546"], "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *JIRA Server*. Using *JIRA Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-33563].\n {panel}\n\nCustomer did a Security Scan on the instance and founded the version (5.1.8) that he is using subjected to security vulnerabilities on bundled tomcat which is version 6.0.35. \r\n\r\nSecurity Vulnerabilities Information:\r\n* http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36\r\n\r\nSo customer considering to upgrade to latest JIRA version (6.0.2). However the tomcat version that come bundled with it (7.0.29) is still exposed to security vulnerabilities as stated on the follow documentation from tomcat:\r\n\r\n* http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.30\r\n\r\n{quote}\r\n*Important: Denial of service* CVE-2012-3544\r\nWhen processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server.\r\n\r\nThis was fixed in revisions 1378702 and 1378921.\r\n\r\nThis issue was reported to the Tomcat security team on 10 November 2011 and made public on 10 May 2013.\r\n\r\nAffects: 7.0.0-7.0.29\r\n\r\n*Moderate: DIGEST authentication weakness* CVE-2012-3439\r\nThree weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved:\r\n\r\n# Tomcat tracked client rather than server nonces and nonce count.\r\n# When a session ID was present, authentication was bypassed.\r\n# The user name and password were not checked before when indicating that a nonce was stale.\r\n\r\nThese issues reduced the security of DIGEST authentication making replay attacks possible in some circumstances.\r\n\r\nThis was fixed in revision 1377807.\r\n\r\nThe first issue was reported by Tilmann Kuhn to the Tomcat security team on 19 July 2012. The second and third issues were discovered by the Tomcat security team during the resulting code review. All three issues were made public on 5 November 2012.\r\n\r\nAffects: 7.0.0-7.0.29\r\n\r\n*Important: Bypass of security constraints* CVE-2012-3546\r\n\r\nWhen using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().\r\n\r\nThis was fixed in revision 1377892.\r\n\r\nThis issue was identified by the Tomcat security team on 13 July 2012 and made public on 4 December 2012.\r\n\r\nAffects: 7.0.0-7.0.29\r\n{quote}\r\n\r\nCustomer requested this information to be conveyed here and to change the future bundled version to a later version to avoid on the security vulnerabilities stated.\r\n\r\nCurrently the only way to bypass this security threat is by deploying WAR installation with later version of tomcat. ", "edition": 8, "modified": "2018-02-08T06:26:20", "published": "2013-06-19T09:30:24", "id": "ATLASSIAN:JRASERVER-33563", "href": "https://jira.atlassian.com/browse/JRASERVER-33563", "title": "Upgrade bundled Tomcat to the latest minor release", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-03-22T18:16:54", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-3546"], "edition": 1, "description": "Customer did a Security Scan on the instance and founded the version (5.1.8) that he is using subjected to security vulnerabilities on bundled tomcat which is version 6.0.35. \r\n\r\nSecurity Vulnerabilities Information:\r\n* http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36\r\n\r\nSo customer considering to upgrade to latest JIRA version (6.0.2). However the tomcat version that come bundled with it (7.0.29) is still exposed to security vulnerabilities as stated on the follow documentation from tomcat:\r\n\r\n* http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.30\r\n\r\n{quote}\r\n*Important: Denial of service* CVE-2012-3544\r\nWhen processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server.\r\n\r\nThis was fixed in revisions 1378702 and 1378921.\r\n\r\nThis issue was reported to the Tomcat security team on 10 November 2011 and made public on 10 May 2013.\r\n\r\nAffects: 7.0.0-7.0.29\r\n\r\n*Moderate: DIGEST authentication weakness* CVE-2012-3439\r\nThree weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved:\r\n\r\n# Tomcat tracked client rather than server nonces and nonce count.\r\n# When a session ID was present, authentication was bypassed.\r\n# The user name and password were not checked before when indicating that a nonce was stale.\r\n\r\nThese issues reduced the security of DIGEST authentication making replay attacks possible in some circumstances.\r\n\r\nThis was fixed in revision 1377807.\r\n\r\nThe first issue was reported by Tilmann Kuhn to the Tomcat security team on 19 July 2012. The second and third issues were discovered by the Tomcat security team during the resulting code review. All three issues were made public on 5 November 2012.\r\n\r\nAffects: 7.0.0-7.0.29\r\n\r\n*Important: Bypass of security constraints* CVE-2012-3546\r\n\r\nWhen using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().\r\n\r\nThis was fixed in revision 1377892.\r\n\r\nThis issue was identified by the Tomcat security team on 13 July 2012 and made public on 4 December 2012.\r\n\r\nAffects: 7.0.0-7.0.29\r\n{quote}\r\n\r\nCustomer requested this information to be conveyed here and to change the future bundled version to a later version to avoid on the security vulnerabilities stated.\r\n\r\nCurrently the only way to bypass this security threat is by deploying WAR installation with later version of tomcat. ", "modified": "2017-02-20T04:49:59", "published": "2013-06-19T09:30:24", "href": "https://jira.atlassian.com/browse/JRA-33563", "id": "ATLASSIAN:JRA-33563", "title": "Upgrade bundled Tomcat to the latest minor release", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4534"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:136141256231072606", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072606", "type": "openvas", "title": "FreeBSD Ports: tomcat", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_tomcat1.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 152e4c7e-2a2e-11e2-99c7-00a0d181e71d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72606\");\n script_version(\"$Revision: 11762 $\");\n script_cve_id(\"CVE-2012-3439\", \"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-3544\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:47:33 -0500 (Mon, 26 Nov 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: tomcat\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/152e4c7e-2a2e-11e2-99c7-00a0d181e71d.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.36\")<0) {\n txt += \"Package tomcat version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.36\")<0) {\n txt += \"Package tomcat version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.0.0\")>0 && revcomp(a:bver, b:\"7.0.30\")<0) {\n txt += \"Package tomcat version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3439", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4534"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:1361412562310864957", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864957", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2012-20151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2012-20151\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864957\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:01:01 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3439\", \"CVE-2012-2733\", \"CVE-2012-4534\",\n \"CVE-2012-4431\", \"CVE-2012-3546\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-20151\");\n script_name(\"Fedora Update for tomcat FEDORA-2012-20151\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.33~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-06T13:06:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3439", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4534"], "description": "Check for the Version of tomcat", "modified": "2018-01-04T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:864957", "href": "http://plugins.openvas.org/nasl.php?oid=864957", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2012-20151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2012-20151\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\n\ntag_affected = \"tomcat on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html\");\n script_id(864957);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:01:01 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3439\", \"CVE-2012-2733\", \"CVE-2012-4534\",\n \"CVE-2012-4431\", \"CVE-2012-3546\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-20151\");\n script_name(\"Fedora Update for tomcat FEDORA-2012-20151\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.33~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544 \nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067 \nThe FormAuthenticator module was vulnerable to session fixation.", "modified": "2017-07-07T00:00:00", "published": "2013-07-18T00:00:00", "id": "OPENVAS:892725", "href": "http://plugins.openvas.org/nasl.php?oid=892725", "type": "openvas", "title": "Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2725.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2725-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"tomcat6 on Debian Linux\";\ntag_insight = \"Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)\nspecifications from Sun Microsystems, and provides a 'pure Java' HTTP web\nserver environment for Java code to run.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for\nCVE-2012-2733,\nCVE-2012-3546,\nCVE-2012-4431,\nCVE-2012-4534,\nCVE-2012-5885,\nCVE-2012-5886 and\nCVE-2012-5887 \n,\nwhich were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\";\ntag_summary = \"Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544 \nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067 \nThe FormAuthenticator module was vulnerable to session fixation.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892725);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-4534\", \"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2012-5885\", \"CVE-2012-5887\", \"CVE-2012-4431\", \"CVE-2012-2733\", \"CVE-2012-5886\", \"CVE-2012-3546\");\n script_name(\"Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-18 00:00:00 +0200 (Thu, 18 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2725.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.4-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-extras\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067\nThe FormAuthenticator module was vulnerable to session fixation.", "modified": "2019-03-18T00:00:00", "published": "2013-07-18T00:00:00", "id": "OPENVAS:1361412562310892725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892725", "type": "openvas", "title": "Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2725.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2725-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892725\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-4534\", \"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2012-5885\", \"CVE-2012-5887\", \"CVE-2012-4431\", \"CVE-2012-2733\", \"CVE-2012-5886\", \"CVE-2012-3546\");\n script_name(\"Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-18 00:00:00 +0200 (Thu, 18 Jul 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2725.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"tomcat6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for\nCVE-2012-2733,\nCVE-2012-3546,\nCVE-2012-4431,\nCVE-2012-4534,\nCVE-2012-5885,\nCVE-2012-5886 and\nCVE-2012-5887\n,\nwhich were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\");\n script_tag(name:\"summary\", value:\"Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067\nThe FormAuthenticator module was vulnerable to session fixation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.4-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-extras\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:09:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": "Check for the Version of tomcat7", "modified": "2018-01-25T00:00:00", "published": "2013-01-15T00:00:00", "id": "OPENVAS:841274", "href": "http://plugins.openvas.org/nasl.php?oid=841274", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-1685-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1685_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# Ubuntu Update for tomcat7 USN-1685-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly performed certain security\n constraint checks in the FORM authenticator. A remote attacker could\n possibly use this flaw with a specially-crafted URI to bypass security\n constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10\n and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\n It was discovered that Tomcat incorrectly handled requests that lack a\n session identifier. A remote attacker could possibly use this flaw to\n bypass the cross-site request forgery protection. (CVE-2012-4431)\n \n It was discovered that Tomcat incorrectly handled sendfile and HTTPS when\n the NIO connector is used. A remote attacker could use this flaw to cause\n Tomcat to stop responsing, resulting in a denial of service. This issue\n only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS.\n (CVE-2012-4534)\";\n\n\ntag_affected = \"tomcat7 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1685-1/\");\n script_id(841274);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:07:42 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1685-1\");\n script_name(\"Ubuntu Update for tomcat7 USN-1685-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.32-5ubuntu1.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.30-0ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-01-15T00:00:00", "id": "OPENVAS:1361412562310841274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841274", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-1685-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1685_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat7 USN-1685-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1685-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841274\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:07:42 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1685-1\");\n script_name(\"Ubuntu Update for tomcat7 USN-1685-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly performed certain security\n constraint checks in the FORM authenticator. A remote attacker could\n possibly use this flaw with a specially-crafted URI to bypass security\n constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10\n and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\n It was discovered that Tomcat incorrectly handled requests that lack a\n session identifier. A remote attacker could possibly use this flaw to\n bypass the cross-site request forgery protection. (CVE-2012-4431)\n\n It was discovered that Tomcat incorrectly handled sendfile and HTTPS when\n the NIO connector is used. A remote attacker could use this flaw to cause\n Tomcat to stop responding, resulting in a denial of service. This issue\n only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS.\n (CVE-2012-4534)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.32-5ubuntu1.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.30-0ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-26T11:09:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "description": "Check for the Version of tomcat7", "modified": "2018-01-26T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:841442", "href": "http://plugins.openvas.org/nasl.php?oid=841442", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-1841-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1841_1.nasl 8542 2018-01-26 06:57:28Z teissa $\n#\n# Ubuntu Update for tomcat7 USN-1841-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly handled certain requests\n submitted using chunked transfer encoding. A remote attacker could use this\n flaw to cause the Tomcat server to stop responding, resulting in a denial\n of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.\n (CVE-2012-3544)\n\n It was discovered that Tomcat incorrectly handled certain authentication\n requests. A remote attacker could possibly use this flaw to inject a\n request that would get executed with a victim's credentials. This issue\n only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10.\n (CVE-2013-2067)\n\n It was discovered that Tomcat sometimes exposed elements of a previous\n request to the current request. This could allow a remote attacker to\n possibly obtain sensitive information. This issue only affected Ubuntu\n 12.10 and Ubuntu 13.04. (CVE-2013-2071)\";\n\n\ntag_affected = \"tomcat7 on Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841442);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:57:48 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2013-2071\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for tomcat7 USN-1841-1\");\n\n script_xref(name: \"USN\", value: \"1841-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1841-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.30-0ubuntu1.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.35-1~exp2ubuntu1.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310841442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841442", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-1841-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1841_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat7 USN-1841-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841442\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:57:48 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2013-2071\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for tomcat7 USN-1841-1\");\n\n script_xref(name:\"USN\", value:\"1841-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1841-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|12\\.10|13\\.04)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly handled certain requests\n submitted using chunked transfer encoding. A remote attacker could use this\n flaw to cause the Tomcat server to stop responding, resulting in a denial\n of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.\n (CVE-2012-3544)\n\n It was discovered that Tomcat incorrectly handled certain authentication\n requests. A remote attacker could possibly use this flaw to inject a\n request that would get executed with a victim's credentials. This issue\n only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10.\n (CVE-2013-2067)\n\n It was discovered that Tomcat sometimes exposed elements of a previous\n request to the current request. This could allow a remote attacker to\n possibly obtain sensitive information. This issue only affected Ubuntu\n 12.10 and Ubuntu 13.04. (CVE-2013-2071)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.30-0ubuntu1.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.35-1~exp2ubuntu1.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2012-5887", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2012-4431", "CVE-2012-2733", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075", "CVE-2012-3546", "CVE-2012-5886", "CVE-2014-0033", "CVE-2012-4534", "CVE-2012-5885"], "description": "Gentoo Linux Local Security Checks GLSA 201412-29", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121315", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-29", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-29.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121315\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:17 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-29\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-29\");\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3544\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\", \"CVE-2013-2067\", \"CVE-2013-2071\", \"CVE-2013-4286\", \"CVE-2013-4322\", \"CVE-2013-4590\", \"CVE-2014-0033\", \"CVE-2014-0050\", \"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-29\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"ge 7.0.56\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"ge 6.0.41\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(), vulnerable: make_list(\"lt 7.0.56\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2733", "CVE-2012-3439", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2012-12-19T08:29:53", "published": "2012-12-19T08:29:53", "id": "FEDORA:7E5312097C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2020-10-03T12:06:04", "description": "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.", "edition": 3, "cvss3": {}, "published": "2012-11-16T21:55:00", "title": "CVE-2012-2733", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2733"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-2733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2733", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:06", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887. Notes: All CVE users should reference one or more of CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "edition": 2, "cvss3": {}, "published": "2012-11-17T19:55:00", "title": "CVE-2012-3439", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2012-3439"], "modified": "2012-11-17T19:55:00", "cpe": [], "id": "CVE-2012-3439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3439", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2020-10-03T12:06:09", "description": "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.", "edition": 3, "cvss3": {}, "published": "2012-12-19T11:55:00", "title": "CVE-2012-4534", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4534"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-4534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4534", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:09", "description": "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.", "edition": 3, "cvss3": {}, "published": "2012-12-19T11:55:00", "title": "CVE-2012-4431", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4431"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-4431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:06", "description": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.", "edition": 3, "cvss3": {}, "published": "2012-12-19T11:55:00", "title": "CVE-2012-3546", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3546"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-3546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3546", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:03", "description": "Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2012-08-14T23:55:00", "title": "CVE-2012-2071", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2071"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:geoff_davies:contact_forms:6.x-1.6", "cpe:/a:geoff_davies:contact_forms:6.x-1.8", "cpe:/a:geoff_davies:contact_forms:6.x-1.3", "cpe:/a:geoff_davies:contact_forms:6.x-1.10", "cpe:/a:geoff_davies:contact_forms:6.x-1.x", "cpe:/a:geoff_davies:contact_forms:6.x-1.11", "cpe:/a:geoff_davies:contact_forms:6.x-1.9", "cpe:/a:geoff_davies:contact_forms:6.x-1.5", "cpe:/a:geoff_davies:contact_forms:6.x-1.1", "cpe:/a:geoff_davies:contact_forms:6.x-1.7", "cpe:/a:geoff_davies:contact_forms:6.x-1.4", "cpe:/a:geoff_davies:contact_forms:6.x-1.2", "cpe:/a:geoff_davies:contact_forms:6.x-1.12"], "id": "CVE-2012-2071", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2071", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:geoff_davies:contact_forms:6.x-1.10:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.1:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.5:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.4:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.3:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.12:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.x:dev:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.2:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.11:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.9:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.8:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.7:*:*:*:*:*:*:*", "cpe:2.3:a:geoff_davies:contact_forms:6.x-1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:58", "description": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.", "edition": 5, "cvss3": {}, "published": "2013-06-01T14:21:00", "title": "CVE-2013-2067", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2067"], "modified": "2019-04-15T16:29:00", "cpe": ["cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.21", "cpe:/a:apache:tomcat:6.0.30"], "id": "CVE-2013-2067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2067", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:06", "description": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.", "edition": 5, "cvss3": {}, "published": "2013-06-01T14:21:00", "title": "CVE-2012-3544", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3544"], "modified": "2019-04-15T16:29:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-3544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3544", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:58", "description": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.", "edition": 3, "cvss3": {}, "published": "2013-06-01T14:21:00", "title": "CVE-2013-2071", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2071"], "modified": "2017-05-23T01:29:00", "cpe": ["cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:7.0.10"], "id": "CVE-2013-2071", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2071", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-11-11T13:12:32", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2725-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3544 CVE-2013-2067\n\nTwo security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\n\n The input filter for chunked transfer encodings could trigger high \n resource consumption through malformed CRLF sequences, resulting in \n denial of service.\n\nCVE-2013-2067\n\n The FormAuthenticator module was vulnerable to session fixation.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for \nCVE-2012-2733,CVE-2012-3546,CVE-2012-4431, CVE-2012-4534,CVE-2012-5885,\nCVE-2012-5886 and CVE-2012-5887, which were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n\n\n", "edition": 4, "modified": "2013-07-18T17:59:18", "published": "2013-07-18T17:59:18", "id": "DEBIAN:DSA-2725-1:3350C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00134.html", "title": "[SECURITY] [DSA 2725-1] tomcat6 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:10:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2071", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2897-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 08, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat7\nCVE ID : CVE-2013-2067 CVE-2013-2071 CVE-2013-4286 CVE-2013-4322 \n CVE-2014-0050\n\nMultiple security issues were found in the Tomcat servlet and JSP engine:\n\nCVE-2013-2067\n\n FORM authentication associates the most recent request requiring \n authentication with the current session. By repeatedly sending a request \n for an authenticated resource while the victim is completing the login \n form, an attacker could inject a request that would be executed using the \n victim&#x27;s credentials.\n\nCVE-2013-2071\n\n A runtime exception in AsyncListener.onComplete() prevents the request from \n being recycled. This may expose elements of a previous request to a current \n request.\n\nCVE-2013-4286\n\n Reject requests with multiple content-length headers or with a content-length \n header when chunked encoding is being used.\n\nCVE-2013-4322\n\n When processing a request submitted using the chunked transfer encoding, \n Tomcat ignored but did not limit any extensions that were included. This allows \n a client to perform a limited denial of service. by streaming an unlimited amount \n of data to the server.\n\nCVE-2014-0050\n\n Multipart requests with a malformed Content-Type header could trigger an \n infinite loop causing a denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2014-04-08T18:25:42", "published": "2014-04-08T18:25:42", "id": "DEBIAN:DSA-2897-1:13B38", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00073.html", "title": "[SECURITY] [DSA 2897-1] tomcat7 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:47:58", "description": "Two security issues have been found in the Tomcat servlet and JSP\nengine :\n\n - CVE-2012-3544\n The input filter for chunked transfer encodings could\n trigger high resource consumption through malformed CRLF\n sequences, resulting in denial of service.\n\n - CVE-2013-2067\n The FormAuthenticator module was vulnerable to session\n fixation.", "edition": 18, "published": "2013-07-19T00:00:00", "title": "Debian DSA-2725-1 : tomcat6 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2013-07-19T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:tomcat6", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2725.NASL", "href": "https://www.tenable.com/plugins/nessus/68971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2725. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68971);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-2067\");\n script_bugtraq_id(59797, 59799);\n script_xref(name:\"DSA\", value:\"2725\");\n\n script_name(english:\"Debian DSA-2725-1 : tomcat6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security issues have been found in the Tomcat servlet and JSP\nengine :\n\n - CVE-2012-3544\n The input filter for chunked transfer encodings could\n trigger high resource consumption through malformed CRLF\n sequences, resulting in denial of service.\n\n - CVE-2013-2067\n The FormAuthenticator module was vulnerable to session\n fixation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-4431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-4534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2725\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat6 packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 6.0.35-1+squeeze3. This update also provides fixes\nfor CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534,\nCVE-2012-5885, CVE-2012-5886 and CVE-2012-5887, which were all fixed\nfor stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6.0.35-6+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtomcat6-java\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-admin\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-common\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-docs\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-examples\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-user\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.35-6+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:39:05", "description": "It was discovered that Tomcat incorrectly performed certain security\nconstraint checks in the FORM authenticator. A remote attacker could\npossibly use this flaw with a specially crafted URI to bypass security\nconstraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu\n11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a\nsession identifier. A remote attacker could possibly use this flaw to\nbypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS\nwhen the NIO connector is used. A remote attacker could use this flaw\nto cause Tomcat to stop responsing, resulting in a denial of service.\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu\n12.04 LTS. (CVE-2012-4534).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-01-15T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1685-1.NASL", "href": "https://www.tenable.com/plugins/nessus/63535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1685-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63535);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\");\n script_xref(name:\"USN\", value:\"1685-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly performed certain security\nconstraint checks in the FORM authenticator. A remote attacker could\npossibly use this flaw with a specially crafted URI to bypass security\nconstraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu\n11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a\nsession identifier. A remote attacker could possibly use this flaw to\nbypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS\nwhen the NIO connector is used. A remote attacker could use this flaw\nto cause Tomcat to stop responsing, resulting in a denial of service.\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu\n12.04 LTS. (CVE-2012-4534).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1685-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtomcat6-java and / or libtomcat7-java packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.32-5ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.30-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T06:39:38", "description": "It was discovered that Tomcat incorrectly handled certain requests\nsubmitted using chunked transfer encoding. A remote attacker could use\nthis flaw to cause the Tomcat server to stop responding, resulting in\na denial of service. This issue only affected Ubuntu 10.04 LTS and\nUbuntu 12.04 LTS. (CVE-2012-3544)\n\nIt was discovered that Tomcat incorrectly handled certain\nauthentication requests. A remote attacker could possibly use this\nflaw to inject a request that would get executed with a victim's\ncredentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04\nLTS, and Ubuntu 12.10. (CVE-2013-2067)\n\nIt was discovered that Tomcat sometimes exposed elements of a previous\nrequest to the current request. This could allow a remote attacker to\npossibly obtain sensitive information. This issue only affected Ubuntu\n12.10 and Ubuntu 13.04. (CVE-2013-2071).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2013-05-29T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : tomcat6, tomcat7 vulnerabilities (USN-1841-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "cpe:/o:canonical:ubuntu_linux:13.04", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1841-1.NASL", "href": "https://www.tenable.com/plugins/nessus/66670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1841-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66670);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2013-2071\");\n script_bugtraq_id(59797, 59798, 59799);\n script_xref(name:\"USN\", value:\"1841-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : tomcat6, tomcat7 vulnerabilities (USN-1841-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly handled certain requests\nsubmitted using chunked transfer encoding. A remote attacker could use\nthis flaw to cause the Tomcat server to stop responding, resulting in\na denial of service. This issue only affected Ubuntu 10.04 LTS and\nUbuntu 12.04 LTS. (CVE-2012-3544)\n\nIt was discovered that Tomcat incorrectly handled certain\nauthentication requests. A remote attacker could possibly use this\nflaw to inject a request that would get executed with a victim's\ncredentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04\nLTS, and Ubuntu 12.10. (CVE-2013-2067)\n\nIt was discovered that Tomcat sometimes exposed elements of a previous\nrequest to the current request. This could allow a remote attacker to\npossibly obtain sensitive information. This issue only affected Ubuntu\n12.10 and Ubuntu 13.04. (CVE-2013-2071).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1841-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtomcat6-java and / or libtomcat7-java packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.13\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.30-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.35-1~exp2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:21", "description": " - Updated to 7.0.33\n\n - Resolves: rhbz 873620 need chkconfig for\n update-alternatives\n\n - Resolves: rhbz 883676,883691,883704,873707 fix several\n security issues\n\n - Resolves: rhbz 883806 refix logdir ownership\n\n - Resolves: rhbz 820119 Remove bundled\n apache-commons-dbcp\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2012-12-20T00:00:00", "title": "Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2012-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-20151.NASL", "href": "https://www.tenable.com/plugins/nessus/63309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20151.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63309);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56402, 56403, 56812, 56813, 56814);\n script_xref(name:\"FEDORA\", value:\"2012-20151\");\n\n script_name(english:\"Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Updated to 7.0.33\n\n - Resolves: rhbz 873620 need chkconfig for\n update-alternatives\n\n - Resolves: rhbz 883676,883691,883704,873707 fix several\n security issues\n\n - Resolves: rhbz 883806 refix logdir ownership\n\n - Resolves: rhbz 820119 Remove bundled\n apache-commons-dbcp\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=873664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=873695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883637\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbf6a2f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"tomcat-7.0.33-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T19:09:29", "description": "According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It\nis, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows for a crafted header to cause a remote denial of\n service. (CVE-2012-2733)\n\n - An error exists related to FORM authentication that\n allows a security bypass if 'j_security_check' is\n appended to the request. (CVE-2012-3546)\n\n - An error exists in the file\n 'filters/CsrfPreventionFilter.java' that allows\n cross-site request forgery (XSRF) attacks to bypass\n the filtering. This can allow access to protected\n resources without a session identifier. (CVE-2012-4431)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\n - Replay-countermeasure functionality in HTTP Digest\n Access Authentication tracks cnonce values instead of\n nonce values, which makes it easier for attackers to\n bypass access restrictions by sniffing the network for\n valid requests. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation\n caches information about the authenticated user, which\n allows an attacker to bypass authentication via session\n ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation\n does not properly check for stale nonce values with\n enforcement of proper credentials, which allows an\n attacker to bypass restrictions by sniffing requests.\n (CVE-2012-5887)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 24, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2012-11-21T00:00:00", "title": "Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2012-11-21T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_36.NASL", "href": "https://www.tenable.com/plugins/nessus/62987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62987);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\n \"CVE-2012-2733\",\n \"CVE-2012-3546\",\n \"CVE-2012-4431\",\n \"CVE-2012-4534\",\n \"CVE-2012-5885\",\n \"CVE-2012-5886\",\n \"CVE-2012-5887\"\n );\n script_bugtraq_id(56402, 56403, 56812, 56813, 56814);\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It\nis, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows for a crafted header to cause a remote denial of\n service. (CVE-2012-2733)\n\n - An error exists related to FORM authentication that\n allows a security bypass if 'j_security_check' is\n appended to the request. (CVE-2012-3546)\n\n - An error exists in the file\n 'filters/CsrfPreventionFilter.java' that allows\n cross-site request forgery (XSRF) attacks to bypass\n the filtering. This can allow access to protected\n resources without a session identifier. (CVE-2012-4431)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\n - Replay-countermeasure functionality in HTTP Digest\n Access Authentication tracks cnonce values instead of\n nonce values, which makes it easier for attackers to\n bypass access restrictions by sniffing the network for\n valid requests. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation\n caches information about the authenticated user, which\n allows an attacker to bypass authentication via session\n ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation\n does not properly check for stale nonce values with\n enforcement of proper credentials, which allows an\n attacker to bypass restrictions by sniffing requests.\n (CVE-2012-5887)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/72\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/73\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/74\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 6.0.36 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5887\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.36\", min:\"6.0.0\", severity:SECURITY_WARNING, xsrf:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T04:35:05", "description": "The remote host has a version of Oracle Secure Global Desktop\ninstalled that is affected by multiple vulnerabilities :\n\n - Specially crafted requests sent with chunked transfer\n encoding could allow a remote attacker to perform a\n 'limited' denial of service attack on the Tomcat server.\n (CVE-2012-3544)\n\n - The Tomcat server is affected by a session fixation\n vulnerability in the FORM authenticator. (CVE-2013-2067)\n\n - The Apache Tomcat AsyncListener method is affected by a\n cross-session information disclosure vulnerability when\n handling user requests. (CVE-2013-2071)\n\n - The Administration Console and Workspace Web\n Applications subcomponent is affected by an unspecified,\n remote vulnerability. (CVE-2014-0419)", "edition": 27, "published": "2014-02-05T00:00:00", "title": "Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2014-0419", "CVE-2013-2067"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:virtualization_secure_global_desktop"], "id": "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2014_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/72339", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72339);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2012-3544\",\n \"CVE-2013-2067\",\n \"CVE-2013-2071\",\n \"CVE-2014-0419\"\n );\n script_bugtraq_id(59797, 59798, 59799, 64902);\n\n script_name(english:\"Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)\");\n script_summary(english:\"Checks version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Oracle Secure Global Desktop that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of Oracle Secure Global Desktop\ninstalled that is affected by multiple vulnerabilities :\n\n - Specially crafted requests sent with chunked transfer\n encoding could allow a remote attacker to perform a\n 'limited' denial of service attack on the Tomcat server.\n (CVE-2012-3544)\n\n - The Tomcat server is affected by a session fixation\n vulnerability in the FORM authenticator. (CVE-2013-2067)\n\n - The Apache Tomcat AsyncListener method is affected by a\n cross-session information disclosure vulnerability when\n handling user requests. (CVE-2013-2071)\n\n - The Administration Console and Workspace Web\n Applications subcomponent is affected by an unspecified,\n remote vulnerability. (CVE-2014-0419)\");\n # http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17c46362\");\n # https://blogs.oracle.com/virtualization/important-patch-set-updates-psu-for-oracle-secure-global-desktop\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32433158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the the January 2014 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:virtualization_secure_global_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_secure_global_desktop_installed.nbin\");\n script_require_keys(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n# this check is for Oracle Secure Global Desktop packages built for Linux platform\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (\"Linux\" >!< uname) audit(AUDIT_OS_NOT, \"Linux\");\n\nfix_required = '';\n\nif (version =~ \"^5\\.00($|\\.)\") fix_required = 'Patch_50p1';\nif (version =~ \"^4\\.71($|\\.)\") fix_required = 'Patch_471p1';\nif (version =~ \"^4\\.63($|\\.)\") fix_required = 'Patch_463p1';\n\nif (fix_required == '') audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version);\n\npatches = get_kb_list(\"Host/Oracle_Secure_Global_Desktop/Patches\");\n\npatched = FALSE;\nforeach patch (patches)\n if (patch == fix_required) patched = TRUE;\n\nif (patched) audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version + ' (with ' + fix_required + ')');\n\nif (report_verbosity > 0)\n{\n report = '\\n Version : ' + version +\n '\\n Patch Required : ' + fix_required +\n '\\n';\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:41:55", "description": "This update of tomcat6 fixes the following security issues :\n\n - denial of service. (CVE-2012-4534)\n\n - tomcat: HTTP NIO connector OOM DoS via a request with\n large headers. (CVE-2012-2733)\n\n - tomcat: cnonce tracking weakness. (CVE-2012-5885)\n\n - tomcat: authentication caching weakness. (CVE-2012-5886)\n\n - tomcat: stale nonce weakness. (CVE-2012-5887)\n\n - tomcat: affected by slowloris DoS. (CVE-2012-5568)\n\n - tomcat: Bypass of security constraints. (CVE-2012-3546)\n\n - tomcat: bypass of CSRF prevention filter.\n (CVE-2012-4431)", "edition": 18, "published": "2013-02-04T00:00:00", "title": "SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5568", "CVE-2012-5885"], "modified": "2013-02-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:tomcat6-webapps", "p-cpe:/a:novell:suse_linux:11:tomcat6", "p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp", "p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc", "p-cpe:/a:novell:suse_linux:11:tomcat6-lib", "p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps"], "id": "SUSE_11_TOMCAT6-130107.NASL", "href": "https://www.tenable.com/plugins/nessus/64430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5568\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat6 fixes the following security issues :\n\n - denial of service. (CVE-2012-4534)\n\n - tomcat: HTTP NIO connector OOM DoS via a request with\n large headers. (CVE-2012-2733)\n\n - tomcat: cnonce tracking weakness. (CVE-2012-5885)\n\n - tomcat: authentication caching weakness. (CVE-2012-5886)\n\n - tomcat: stale nonce weakness. (CVE-2012-5887)\n\n - tomcat: affected by slowloris DoS. (CVE-2012-5568)\n\n - tomcat: Bypass of security constraints. (CVE-2012-3546)\n\n - tomcat: bypass of CSRF prevention filter.\n (CVE-2012-4431)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4431.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5568.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5886.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5887.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7208.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-admin-webapps-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-docs-webapp-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-javadoc-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-jsp-2_1-api-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-lib-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-servlet-2_5-api-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-webapps-6.0.18-20.35.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:01:16", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - java/org/apache/coyote/http11/InternalNioInputBuffer.jav\n a in the HTTP NIO connector in Apache Tomcat 6.x before\n 6.0.36 and 7.x before 7.0.28 does not properly restrict\n the request-header size, which allows remote attackers\n to cause a denial of service (memory consumption) via a\n large amount of header data. (CVE-2012-2733)\n\n - org/apache/catalina/realm/RealmBase.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when\n FORM authentication is used, allows remote attackers to\n bypass security-constraint checks by leveraging a\n previous setUserPrincipal call and then placing\n /j_security_check at the end of a URI. (CVE-2012-3546)\n\n - org/apache/catalina/filters/CsrfPreventionFilter.java in\n Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32\n allows remote attackers to bypass the cross-site request\n forgery (CSRF) protection mechanism via a request that\n lacks a session identifier. (CVE-2012-4431)\n\n - org/apache/tomcat/util/net/NioEndpoint.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the\n NIO connector is used in conjunction with sendfile and\n HTTPS, allows remote attackers to cause a denial of\n service (infinite loop) by terminating the connection\n during the reading of a response. (CVE-2012-4534)\n\n - The replay-countermeasure functionality in the HTTP\n Digest Access Authentication implementation in Apache\n Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x\n before 7.0.30 tracks cnonce (aka client nonce) values\n instead of nonce (aka server nonce) and nc (aka\n nonce-count) values, which makes it easier for remote\n attackers to bypass intended access restrictions by\n sniffing the network for valid requests, a different\n vulnerability than CVE-2011-1184. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 caches information about the\n authenticated user within the session state, which makes\n it easier for remote attackers to bypass authentication\n via vectors related to the session ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 does not properly check for stale\n nonce values in conjunction with enforcement of proper\n credentials, which makes it easier for remote attackers\n to bypass intended access restrictions by sniffing the\n network for valid requests. (CVE-2012-5887)", "edition": 25, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2011-1184", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:tomcat"], "id": "SOLARIS11_TOMCAT_20140401.NASL", "href": "https://www.tenable.com/plugins/nessus/80791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80791);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - java/org/apache/coyote/http11/InternalNioInputBuffer.jav\n a in the HTTP NIO connector in Apache Tomcat 6.x before\n 6.0.36 and 7.x before 7.0.28 does not properly restrict\n the request-header size, which allows remote attackers\n to cause a denial of service (memory consumption) via a\n large amount of header data. (CVE-2012-2733)\n\n - org/apache/catalina/realm/RealmBase.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when\n FORM authentication is used, allows remote attackers to\n bypass security-constraint checks by leveraging a\n previous setUserPrincipal call and then placing\n /j_security_check at the end of a URI. (CVE-2012-3546)\n\n - org/apache/catalina/filters/CsrfPreventionFilter.java in\n Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32\n allows remote attackers to bypass the cross-site request\n forgery (CSRF) protection mechanism via a request that\n lacks a session identifier. (CVE-2012-4431)\n\n - org/apache/tomcat/util/net/NioEndpoint.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the\n NIO connector is used in conjunction with sendfile and\n HTTPS, allows remote attackers to cause a denial of\n service (infinite loop) by terminating the connection\n during the reading of a response. (CVE-2012-4534)\n\n - The replay-countermeasure functionality in the HTTP\n Digest Access Authentication implementation in Apache\n Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x\n before 7.0.30 tracks cnonce (aka client nonce) values\n instead of nonce (aka server nonce) and nc (aka\n nonce-count) values, which makes it easier for remote\n attackers to bypass intended access restrictions by\n sniffing the network for valid requests, a different\n vulnerability than CVE-2011-1184. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 caches information about the\n authenticated user within the session state, which makes\n it easier for remote attackers to bypass authentication\n via vectors related to the session ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 does not properly check for stale\n nonce values in conjunction with enforcement of proper\n credentials, which makes it easier for remote attackers\n to bypass intended access restrictions by sniffing the\n network for valid requests. (CVE-2012-5887)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce09309a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.4.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:tomcat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^tomcat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.4.0.5.0\", sru:\"SRU 4.5\") > 0) flag++;\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n error_extra = 'Affected package : tomcat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"tomcat\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:26:24", "description": " - fix bnc#794548 - denial of service (CVE-2012-4534)\n\n - apache-tomcat-CVE-2012-4534.patch fixes apache#53138,\n apache#52858\n http://svn.apache.org/viewvc?view=rev&rev=1372035\n\n - fix a minor issue in apache-tomcat-CVE-2012-4431.patch\n use the already initialized session variable instead of\n an another call req.getSesssion()", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4431", "CVE-2012-4534"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:libtcnative-1-0-devel", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:libtcnative-1-0", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "OPENSUSE-2013-23.NASL", "href": "https://www.tenable.com/plugins/nessus/74938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-23.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74938);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4431\", \"CVE-2012-4534\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)\");\n script_summary(english:\"Check for the openSUSE-2013-23 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix bnc#794548 - denial of service (CVE-2012-4534)\n\n - apache-tomcat-CVE-2012-4534.patch fixes apache#53138,\n apache#52858\n http://svn.apache.org/viewvc?view=rev&rev=1372035\n\n - fix a minor issue in apache-tomcat-CVE-2012-4431.patch\n use the already initialized session variable instead of\n an another call req.getSesssion()\"\n );\n # http://svn.apache.org/viewvc?view=rev&rev=1372035\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1372035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-debuginfo-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-debugsource-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-devel-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-admin-webapps-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-docs-webapp-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-el-1_0-api-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-javadoc-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-jsp-2_1-api-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-lib-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-servlet-2_5-api-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-webapps-6.0.33-3.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtcnative-1-0 / libtcnative-1-0-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-14T19:09:30", "description": "According to its self-reported version number, the instance of Apache\nTomcat 7.0 listening on the remote host is prior to 7.0.28. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows an attacker, via a crafted header, to cause a\n remote denial of service. (CVE-2012-2733)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2012-11-21T00:00:00", "title": "Apache Tomcat 7.0.x < 7.0.28 Multiple DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2733", "CVE-2012-4534"], "modified": "2012-11-21T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_28.NASL", "href": "https://www.tenable.com/plugins/nessus/62985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62985);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-4534\");\n script_bugtraq_id(56402, 56813);\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.28 Multiple DoS\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple remote denial\nof service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0 listening on the remote host is prior to 7.0.28. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows an attacker, via a crafted header, to cause a\n remote denial of service. (CVE-2012-2733)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/72\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 7.0.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2733\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.28\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "thn": [{"lastseen": "2017-01-08T18:01:28", "bulletinFamily": "info", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": " \n\n\nSome critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x .\n\n \n\n\n**Apache Tomcat vulnerabilities**\n\n * [CVE-2012-4534](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE535A.9000600@apache.org%3E>) Apache Tomcat denial of service\n * [CVE-2012-3546](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE5367.6090809@apache.org%3E>) Apache Tomcat Bypass of security constraints\n * [CVE-2012-4431](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE536F.6000705@apache.org%3E>) Apache Tomcat Bypass of CSRF prevention filter\n\n \n\n\n[](<http://4.bp.blogspot.com/-0qdwDlCWUCs/UL-H7JHOG1I/AAAAAAAAOhg/7BPoAXuqTh0/s1600/apache-tomcat-7.png>)\n\n \n\n\nAccording to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.\n\n \n\n\nCVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.\n\n \n\n\nWhereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.\n\n \n\n\nIf you are affected, Please update your Tomcat to a fixed version i.e \n\n * Tomcat 7.x: Update to version 7.0.32.\n * Tomcat 6.x: Update to version 6.0.36.\n", "modified": "2012-12-05T17:47:59", "published": "2012-12-05T06:45:00", "id": "THN:109F3CE2A5819B3E1345F63EBB346D6C", "href": "http://thehackernews.com/2012/12/apache-tomcat-multiple-critical.html", "type": "thn", "title": "Apache Tomcat Multiple Critical Vulnerabilities", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": "It was discovered that Tomcat incorrectly performed certain security \nconstraint checks in the FORM authenticator. A remote attacker could \npossibly use this flaw with a specially-crafted URI to bypass security \nconstraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 \nand Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a \nsession identifier. A remote attacker could possibly use this flaw to \nbypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS when \nthe NIO connector is used. A remote attacker could use this flaw to cause \nTomcat to stop responsing, resulting in a denial of service. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. \n(CVE-2012-4534)", "edition": 5, "modified": "2013-01-14T00:00:00", "published": "2013-01-14T00:00:00", "id": "USN-1685-1", "href": "https://ubuntu.com/security/notices/USN-1685-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "description": "It was discovered that Tomcat incorrectly handled certain requests \nsubmitted using chunked transfer encoding. A remote attacker could use this \nflaw to cause the Tomcat server to stop responding, resulting in a denial \nof service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. \n(CVE-2012-3544)\n\nIt was discovered that Tomcat incorrectly handled certain authentication \nrequests. A remote attacker could possibly use this flaw to inject a \nrequest that would get executed with a victim's credentials. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. \n(CVE-2013-2067)\n\nIt was discovered that Tomcat sometimes exposed elements of a previous \nrequest to the current request. This could allow a remote attacker to \npossibly obtain sensitive information. This issue only affected Ubuntu \n12.10 and Ubuntu 13.04. (CVE-2013-2071)", "edition": 5, "modified": "2013-05-28T00:00:00", "published": "2013-05-28T00:00:00", "id": "USN-1841-1", "href": "https://ubuntu.com/security/notices/USN-1841-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": "Protection bypass, DoS.", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:VULN:12747", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12747", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "description": "DoS, session fixation, information leakage.", "edition": 1, "modified": "2013-05-10T00:00:00", "published": "2013-05-10T00:00:00", "id": "SECURITYVULNS:VULN:13080", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13080", "title": "Apache Tomcat security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4534"], "description": "\r\n\r\nCVE-2012-4534 Apache Tomcat denial of service\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Tomcat 7.0.0 to 7.0.27\r\n- Tomcat 6.0.0 to 6.0.35\r\n\r\nDescription:\r\nWhen using the NIO connector with sendfile and HTTPS enabled, if a\r\nclient breaks the connection while reading the response an infinite loop\r\nis entered leading to a denial of service. This was originally reported\r\nas https://issues.apache.org/bugzilla/show_bug.cgi?id=52858.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- Tomcat 7.0.x users should upgrade to 7.0.28 or later\r\n- Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThe security implications of this bug were identified by Arun Neelicattu\r\nof the Red Hat Security Response Team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28802", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28802", "title": "CVE-2012-4534 Apache Tomcat denial of service", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4431"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.31\r\n- - Tomcat 6.0.0 to 6.0.35\r\n\r\nDescription:\r\nThe CSRF prevention filter could be bypassed if a request was made to a\r\nprotected resource without a session identifier present in the request.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.32 or later\r\n- - Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThis issue was identified by The Tomcat security team\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with undefined - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJQvlNvAAoJEBDAHFovYFnnY80QAMvP1gIpG00vfIdiFabpJX55\r\nUEmkPuTSefxZ6NMvAL8GkuUe8CoC6KinCgOx+s8eGlEiHtWFoYvM/Ckg8E3a8SY6\r\nMfD8GLo2av/LdULGSCBrbaL2wFbgixPTBpgR9YS4bdpTK5nVqBZyZOjOzptqRDnE\r\nBQXDLLKa65/z7cF57l+XcLs1+JW3KJGRiGJzBNUrJK1x/AzfgRgk4jgvYdyDWdpI\r\nzuXKgwBbunblPL4sZhZA2mhoswBIMIJIaHXOAD28Ddt9IIae0UFptY6LmExOkSsa\r\nPtshA4EBlO8JTPPcfwtqA/bkHAWCzB1QshkYD57rLF3t1ouDQWI6j8l+q3AYIxzv\r\na0Ix4qzE2hekcjGSCUMZUqNgcaGSjsggaOEo5zauM01osPQxbfpH41eH5fIWlMKi\r\nvrxRjYJwLyLdkj3bZFuP7Uq1GL4BLjeKDfqsL4aqcfdBPZea6C9rToEkB8EjD4vf\r\nDVdrX4Ivg3ImMMnL+gkX4+5aLp+jpw23G9gZbX1DJn+648iv3yFoK5ysOWy1GAAO\r\nx1Iq3pa49NigJ0ipjZvxc07THIoiK/t49/3fWzMR1Xm819oJC2/Qf512l/FpEltK\r\nkQ0y8BC4+7ypUZyhtwE3jzLW1x2j4ZBK8l1nX0X92WepJ6piro/7o80qiyDMfqPC\r\nhbmBu213eSXnV9kRHveI\r\n=jich\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28804", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28804", "title": "CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-2067"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2013-2067 Session fixation with FORM authenticator\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.32\r\n- - Tomcat 6.0.21 to 6.0.36\r\n\r\nDescription:\r\nFORM authentication associates the most recent request requiring\r\nauthentication with the current session. By repeatedly sending a request\r\nfor an authenticated resource while the victim is completing the login\r\nform, an attacker could inject a request that would be executed using\r\nthe victim&#39;s credentials. This attack has been prevented by changing the\r\nsession ID prior to displaying the login page as well as after the user\r\nhas successfully authenticated.\r\n\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.33 or later\r\n- - Tomcat 6.0.x users should upgrade to 6.0.37 or later\r\n\r\nCredit:\r\nThis issue was identified by the Apache Tomcat Security Team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with Thunderbird - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJRjLHUAAoJEBDAHFovYFnnUnEP/0R3q0uPTHRXem+Jlx6DLLfs\r\njL3TD1idxqHcUDJhX/mnePwTxIle5lAbPZn6hBknFPdD77kjyflq4TB3ZPUipsip\r\ns2bKzGGlDDZwzRIY46ZqBRcVXuemCu73BjFNLBP6CvjQwm1/wFGuOS+oRRKKigwQ\r\nEw1Mau3c6Sb0VIED4yrgvhPwJwdi1+rA1TO87p/8rxQIS9CTcUy6J/MICPdvIQiI\r\nzIfr7pIRSNDk9JeC6Ybr/SC5lYqAox6eqOYYNoQ+5zQ1BcCw/eQgWpm4WYM2IDV3\r\n2eNbjS/dylz5zBQEDbzz9VtReBTncQLF6Do2KDhWxkaUaX2oaOTPKlLiyL0gwA4e\r\nIDpHDl9D5mLmBaJi4Lz14cwey5wNgs28ZqX9JCUaLz7qc03J9Au7PrplOr3Xth/Z\r\nrQqeKVxFZKaIKQOm2NKs7v7bZAhzp/mKt/u9ndnk0uKk2Tf3i6QJ1GtICTY22eB6\r\nEh4s/o2BJDgGop0P7cTmrAv1uKu6/72eoUJBMyyGCIN67URzVZRwMQnmW6TqZoBt\r\ntASvlTVD53HV3aPdhDHDjP9x/6V6cODD29fzn5op59BWhMVuzf+1lhqphJT0hlQQ\r\nlnuf4H9UWG8I8/OzN7XNabIbVuYyhjYWnt8HI/8N/4cAHfA67fXkcbDqleKOd6qo\r\nPcp0qDLiZqVFSotSkVFl\r\n=hWpv\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-05-10T00:00:00", "published": "2013-05-10T00:00:00", "id": "SECURITYVULNS:DOC:29397", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29397", "title": "[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-3546"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2012-3546 Apache Tomcat Bypass of security constraints\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.29\r\n- - Tomcat 6.0.0 to 6.0.35\r\nEarlier unsupported versions may also be affected\r\n\r\nDescription:\r\nWhen using FORM authentication it was possible to bypass the security\r\nconstraint checks in the FORM authenticator by appending\r\n&quot;/j_security_check&quot; to the end of the URL if some other component &#40;such\r\nas the Single-Sign-On valve&#41; had called request.setUserPrincipal&#40;&#41;\r\nbefore the call to FormAuthenticator#authenticate&#40;&#41;.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.30 or later\r\n- - Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThis issue was identified by The Tomcat security team\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with undefined - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJQvlNnAAoJEBDAHFovYFnnsJoP/i6/NEKy6+tAcMZ0vKV5CGci\r\n2Epf7NbfWHZhyYZlI445kHoCGQAvMaD0pXlLBUTlzVd2N9Jugk1j2WNPzvOlsaZ0\r\njx3qeuvNhVZzAa2LIDVSj8ENVNYMiA/S4reZu2u9lHqw5tTP5fapJXDNphSnr0kR\r\nA662JdkQlirQtFylkvqFdMoZ3N/vEPwzD8Cs80fafEhEqcoOtrO6yOyaR/kwEFeI\r\n5cxbm/om4+T9cVkRduGqhzLRBWnDiCeBguXiUJXDQorOWmzHq438cNd4ylfFRa1W\r\nRBsin8aVY6LMIUqdWWqUnG8SPI7qp7odMRzhI1yLw+y4ykrV5coKeTvalIsh+3ZE\r\nFWP7kYmrOYS8NToq56Fxn8bYAuAsJiOsVZ4ox0ozR9HQCEqLEpXTa31hEowUBtig\r\nLO0HRgQIeh4rdgxxR2V46JiRw8URNfGevKrhez5B8UAb8hj02SM/3hyg3S3pL2Jn\r\nfl0vLnf1+DACd0mUuGmSQNLx5VznW6fkYHZWgmV3SigaroKL4+BbqCO7WvuNs9aA\r\nY8dYt08IgF0O/Kt1vQdks31KEDIqHJOtrZBCySdvVLGz1x+MxluWssZGQELCcj0v\r\nByfH80yh/uIU2Zk9QTaJlEkuODyWTYxmYRk34R3/zZ57za+NQLlpe0cfBRy33wjt\r\nVCfhXK6n3npDlmhpeBDw\r\n=pOlX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28803", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28803", "title": "CVE-2012-3546 Apache Tomcat Bypass of security constraints", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-2071"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2013-2071 Request mix-up if AsyncListener method throws\r\n RuntimeException\r\n\r\nSeverity: Moderate\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.39\r\n\r\nDescription:\r\nBug 54178 described a scenario where elements of a previous request may\r\nbe exposed to a current request. This was very difficult to exploit\r\ndeliberately but fairly likely to happen unexpectedly if an application\r\nused AsyncListeners that threw RuntimeExceptions. The issue was fixed by\r\ncatching the RuntimeExceptions.\r\n\r\nMitigation:\r\nUsers of affected versions should apply the following mitigation:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.40 or later\r\n\r\nCredit:\r\nThe security implications of this issue were identified by the Apache\r\nTomcat Security Team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttps://issues.apache.org/bugzilla/show_bug.cgi?id=54178\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with Thunderbird - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJRjLHMAAoJEBDAHFovYFnnOIAP/A9HXwQgnJKYl+gXwqFkjXaq\r\nblo70uMMUpKPJ61l/keEguxZ/iGdQC4H2osjQiG7lhoOPvrMKtewCMXDAk/j9Skd\r\nHXuQVSge22Na16M6GUNXARziyDk/44k8RHy3cibrPZPhUNVD743N50toPK8Q6UKR\r\nPmAANa/kB9vvD589PCQLx/i6oiS5jaAwjoSdbwshtJytXrxoHgUrRLl3P5/sPBiq\r\n57H/pAELR4aorfSj+tJL63ySX9v4NRiB55u3hNDgZOnPz3D9sjMsmq5vSzhfyiHh\r\nNnkYGa7+ZfnBL6DJ4eiV5z7lbMFIBa7ZzcyYEhVFCIsbnSwTL2l0a3NSkuQ0xiXS\r\n0jQDenOuCujL1Zw5YYHhRDy2rGbFG8q/Z+ZSQ3NP0vnmQCpCfsY3mBIFCWzhmK+h\r\nTnFKdtxA+Ev/HSGPlSK1hADiYwL/iLb6YMoyintgj2mDIxrdHhcfMq8h6GYD1rbF\r\nvlbWSpmgN81xdU8JxEbnq6PC60OeZH5x08Sj9B3YQlB8E4Pq9B/EaEFYF9oZdYcP\r\n+DQWcd78SBNevg+fgKdKK8CjU5JQhMWetxv6HUomS7j3LgoJQPwVrNcg0yjV1v/g\r\nqgddQ1DOamD+KuQxh08NHfMZP08g5a+CrQ6qpe3/pr/OI0PlTN23aCXvCEGl2KlZ\r\nCn4w/1eoL4agb5oREL2U\r\n=vQbB\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-05-10T00:00:00", "published": "2013-05-10T00:00:00", "id": "SECURITYVULNS:DOC:29398", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29398", "title": "CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2012-3544 Chunked transfer encoding extension size is not limited\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.29\r\n- - Tomcat 6.0.0 to 6.0.36\r\n\r\nDescription:\r\nWhen processing a request submitted using the chunked transfer encoding,\r\nTomcat ignored but did not limit any extensions that were included. This\r\nallows a client to perform a limited DOS by streaming an unlimited\r\namount of data to the server.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.30 or later\r\n- - Tomcat 6.0.x users should upgrade to 6.0.37 or later\r\n\r\nCredit:\r\nThis issue was identified by Steve Jones.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with Thunderbird - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJRjLHYAAoJEBDAHFovYFnnNacQAKZ8VVSZkh1Tz1hkenVQH9ic\r\nrZGNE3dzfdum8sbL18iObOyt7b7iJMDwSv96sD6Ig+6EgiqRJGcj65a9DOIoyNlD\r\ndmYT8qj4wK2OUsefUpfX0RQHgAZcZMRHX6UcgBETgVDTVcWoZ3lDWEBCYap9CTLf\r\n2MX34mMawDp+WEXloDIvxtSC5q5u2nW/O4UJHH+jaPnnmYmghHqb2yh9Tkjj3fkG\r\nHUtJlK0WuL9TM7IlQySPUHw98BN46illVu8go6xVslE3CLzXIOOOelOnyDH9IFoF\r\nD4SbhKb0nSwSi9aUJsjLNAmgx9Cj5shYyWQSP+CCNXfpOaBz11R3lxSmRvbRBDTf\r\nlW8SPgKiCIjXSbbKtZzhl9cu21i4yZFwaKm22wKSRoEWghHs5mCNcVwt+qNE34Zx\r\nv2eliMYymkc/EDy/aCTz4DwWhGP9XLi8hOtPkSFB46jLLbUOJcAcy3jPnPa9X8Gq\r\nFX07EAncpG8uC9wpSd1Vtr8SPJlbRbkwY2NJ9MaRuEtetbC/Gpq8I5fT7MuBM7X9\r\n8r+GoEcjTMYGWb7T+vGzg5HpcnOVY07wvG1Kvdp/cLxxAjGONsAwvZQ1D6VAjkJx\r\nbgDOGWqTDm1c7U3MIY+CdrGKpKaRCoCI6UX5vlD/+H3NYjMKadUwpDrFNCwSMF4T\r\n7QzwCUk2DGUI/n7o7S5n\r\n=vhss\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-05-10T00:00:00", "published": "2013-05-10T00:00:00", "id": "SECURITYVULNS:DOC:29396", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29396", "title": "[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2013-4322"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2013-4322 Incomplete fix for CVE-2012-3544 &#40;Denial of Service&#41;\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5\r\n- - Apache Tomcat 7.0.0 to 7.0.47\r\n- - Apache Tomcat 6.0.0 to 6.0.37\r\n\r\nDescription:\r\nThe fix for CVE-2012-3544 was not complete. It did not cover the\r\nfollowing cases:\r\na&#41; Chunk extensions were not limited\r\nb&#41; Whitespace after the : in a trailing header was not limited\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- - Upgrade to Apache Tomcat 8.0.0-RC10 or later\r\n &#40;8.0.0-RC6 to 8.0.0-RC9 contain the fix but were not released&#41;\r\n- - Upgrade to Apache Tomcat 7.0.50 or later\r\n &#40;7.0.48 to 7.0.49 contain the fix but were not released&#41;\r\n- - Upgrade to Apache Tomcat 6.0.39 or later\r\n &#40;6.0.38 contains the fix but was not released&#41;\r\n\r\nCredit:\r\nThis issue was partly identified by the Apache Tomcat security team and\r\nparty by Saran Neti of TELUS Security Labs.\r\n\r\nReferences:\r\n[1] http://tomcat.apache.org/security-8.html\r\n[2] http://tomcat.apache.org/security-7.html\r\n[3] http://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with Thunderbird - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJTDHxCAAoJEBDAHFovYFnnAtcP/0U8NgjCuhFBps1tAIqAa+ty\r\nnLMYz3rgxHcY9ClWrJEBgGiIGb2wDQfylNsWR67PF/ue6yhLf+Bu5xs858Thr8V1\r\n98ODkrQemNc9dcIdLJaRcSo05vzNCEN3v4vR9cpPpQpW8TB9y8L1HXmZEiGkM7ZD\r\nnwa6E6GDJizkwR+3Qs11r3tAxNAHPn611EYajYLf7+4vPLqgV4GOx2/D7ol/wTm0\r\n3BM15VZjTtlHqrtghUOdXYEzoXwR9BKMVoMtED3e++5i0vCuvvLToxTJ6jI/QjjE\r\nUNm/hrfZK5ro3d+rzjOboLXIooAksK3A5UXxlvRi26ZgP3Nd0y8dN925WWfg2jXX\r\nV1saa+42vpI6g4NcINIbFnBqfPdM/xKSIuyyXDmmTF2rUHQftcToLikzmSDZlm4c\r\nedTyL+A4FcbEq8uymXwE/iA9KKa3PDcZheUw07YALp9JhFI6rfQT472cUavfNcGy\r\nh0nxkHg2hU4yUBPm2PSyoTAokkjhDgRvGgX0hA3ljSi0SpHyTwPfoUIwUb+Emgmb\r\nVk00OJRJGtZs/GAL0TCd+LW96664Tx9oAqvgcLA3dZwLk94ivD5SC3Rl9xlyd4lF\r\ncgLCOvzwxHcAh7syNd8orWjmyZsJ1vVqGoL1waK1hl1AQNxoJRfDixSlNjchpBxO\r\ntCLvVC7UbgC0PFda+7kL\r\n=Hzxr\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:DOC:30327", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30327", "title": "[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 &#40;Denial of Service&#41;", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-3439", "CVE-2012-5887", "CVE-2012-2733", "CVE-2012-5886", "CVE-2012-5885"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1637-1\r\nNovember 21, 2012\r\n\r\ntomcat6 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Apache Tomcat.\r\n\r\nSoftware Description:\r\n- tomcat6: Servlet and JSP engine\r\n\r\nDetails:\r\n\r\nIt was discovered that the Apache Tomcat HTTP NIO connector incorrectly\r\nhandled header data. A remote attacker could cause a denial of service by\r\nsending requests with a large amount of header data. &#40;CVE-2012-2733&#41;\r\n\r\nIt was discovered that Apache Tomcat incorrectly handled DIGEST\r\nauthentication. A remote attacker could possibly use these flaws to perform\r\na replay attack and bypass authentication. &#40;CVE-2012-5885, CVE-2012-5886,\r\nCVE-2012-5887&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libtomcat6-java 6.0.35-1ubuntu3.1\r\n\r\nUbuntu 11.10:\r\n libtomcat6-java 6.0.32-5ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n libtomcat6-java 6.0.24-2ubuntu1.11\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1637-1\r\n CVE-2012-2733, CVE-2012-3439, CVE-2012-5885, CVE-2012-5886,\r\n CVE-2012-5887\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/tomcat6/6.0.32-5ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/tomcat6/6.0.24-2ubuntu1.11\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-11-26T00:00:00", "published": "2012-11-26T00:00:00", "id": "SECURITYVULNS:DOC:28773", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28773", "title": "[USN-1637-1] Tomcat vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:42:41", "description": "BUGTRAQ ID: 59798\r\nCVE(CAN) ID: CVE-2013-2071\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u6e90JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nTomcat 7.0.0 - 7.0.39\u5185\uff0cAsyncListener\u7684onComplete\u5728\u6267\u884c\u67d0\u4e9b\u60c5\u51b5\u4e0b\u7684\u8bf7\u6c42\u7ba1\u7406\u65f6\u5b58\u5728\u8fd0\u884c\u65f6\u5f02\u5e38\uff0corg.apache.catalina.connector.Request\u4f1a\u56e0\u6b64\u4e0d\u518d\u5faa\u73af\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\r\n0\r\nApache Group Tomcat 7.0.0 - 7.0.39\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://jakarta.apache.org/tomcat/index.html", "published": "2013-05-17T00:00:00", "title": "Apache Tomcat \u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e(CVE-2013-2071)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2071"], "modified": "2013-05-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60787", "id": "SSV:60787", "sourceData": "", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:48:25", "description": "BUGTRAQ ID: 56403\r\nCVE ID: CVE-2012-3439\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat 7.0.0-7.0.27\u30016.0.0-6.0.35\u30015.5.0-5.5.35\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u5141\u8bb8\u653b\u51fb\u8005\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u3002\r\n0\r\nApache Group Tomcat 7.x\r\nApache Group Tomcat 6.x\r\nApache Group Tomcat 5.x\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u8bf7\u66f4\u65b0\u52305.5.36\u30016.0.36\u30017.0.30\r\n\r\nAnnouncement2.2\uff1aApache HTTP Server 2.2.23 Released\r\n\r\n\u94fe\u63a5\uff1ahttp://www.apache.org/dist/httpd/Announcement2.2.html", "published": "2012-11-07T00:00:00", "title": "Apache Tomcat DIGEST\u8eab\u4efd\u9a8c\u8bc1\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e(CVE-2012-3439)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3439"], "modified": "2012-11-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60454", "id": "SSV:60454", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:48:22", "description": "BUGTRAQ ID: 56814\r\nCVE(CAN) ID: CVE-2012-4431\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nTomcat v7.0.31\u30016.0.35\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u67d0\u4e9b\u64cd\u4f5c\uff0c\u8bbf\u95ee\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u3002\n0\nApache Group Tomcat 7.0.0 - 7.0.29\r\nApache Group Tomcat 6.0.0 - 6.0.35\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\u66f4\u9ad8\u7248\u672c\u3002\r\n\r\n\u53c2\u8003\u94fe\u63a5\uff1a\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html", "published": "2012-12-07T00:00:00", "title": "Apache Tomcat \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-4431"], "modified": "2012-12-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60497", "id": "SSV:60497", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "redhat": [{"lastseen": "2019-08-13T18:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3499", "CVE-2012-3544", "CVE-2012-4558", "CVE-2013-2067", "CVE-2013-2071"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module's manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user's manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim's browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker's requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user's request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.", "modified": "2018-06-07T02:42:47", "published": "2013-07-03T19:40:17", "id": "RHSA-2013:1012", "href": "https://access.redhat.com/errata/RHSA-2013:1012", "type": "redhat", "title": "(RHSA-2013:1012) Moderate: Red Hat JBoss Web Server 2.0.1 update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3499", "CVE-2012-3544", "CVE-2012-4558", "CVE-2013-2067", "CVE-2013-2071"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module's manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user's manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim's browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker's requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user's request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.\n", "modified": "2018-08-09T19:46:59", "published": "2013-07-03T04:00:00", "id": "RHSA-2013:1011", "href": "https://access.redhat.com/errata/RHSA-2013:1011", "type": "redhat", "title": "(RHSA-2013:1011) Moderate: Red Hat JBoss Web Server 2.0.1 update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2733", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The Apache\nPortable Runtime (APR) connector from the Tomcat Native library was not\naffected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO connector\nenforced limits on the permitted size of request headers. A remote attacker\ncould use this flaw to trigger an OutOfMemoryError by sending a\nspecially-crafted request with very large headers. The HTTP NIO connector\nis used by default in JBoss Enterprise Web Server. The APR connector from\nthe Tomcat Native library was not affected by this flaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthese issues. Tomcat must be restarted for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2013-02-20T01:29:27", "id": "RHSA-2013:0266", "href": "https://access.redhat.com/errata/RHSA-2013:0266", "type": "redhat", "title": "(RHSA-2013:0266) Moderate: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:34:33", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2733", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The Apache\nPortable Runtime (APR) connector from the Tomcat Native library was not\naffected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO connector\nenforced limits on the permitted size of request headers. A remote attacker\ncould use this flaw to trigger an OutOfMemoryError by sending a\nspecially-crafted request with very large headers. The HTTP NIO connector\nis used by default in JBoss Enterprise Web Server. The APR connector from\nthe Tomcat Native library was not affected by this flaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of JBoss Enterprise Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "modified": "2018-06-07T02:42:48", "published": "2013-02-20T01:28:50", "id": "RHSA-2013:0265", "href": "https://access.redhat.com/errata/RHSA-2013:0265", "type": "redhat", "title": "(RHSA-2013:0265) Moderate: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3546", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:31", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0623", "href": "https://access.redhat.com/errata/RHSA-2013:0623", "type": "redhat", "title": "(RHSA-2013:0623) Important: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthis issue. Tomcat must be restarted for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2013-02-20T01:31:14", "id": "RHSA-2013:0268", "href": "https://access.redhat.com/errata/RHSA-2013:0268", "type": "redhat", "title": "(RHSA-2013:0268) Moderate: tomcat7 security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T14:33:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of JBoss Enterprise Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "modified": "2018-06-07T02:42:48", "published": "2013-02-20T01:30:19", "id": "RHSA-2013:0267", "href": "https://access.redhat.com/errata/RHSA-2013:0267", "type": "redhat", "title": "(RHSA-2013:0267) Moderate: tomcat7 security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2012-5887", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2012-4431", "CVE-2012-2733", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075", "CVE-2012-3546", "CVE-2012-5886", "CVE-2014-0033", "CVE-2012-4534", "CVE-2012-5885"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.41\"\n \n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.56\"", "edition": 1, "modified": "2016-03-20T00:00:00", "published": "2014-12-15T00:00:00", "id": "GLSA-201412-29", "href": "https://security.gentoo.org/glsa/201412-29", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3439", "CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "[0:6.0.24-52]\n- Related: rhbz 882010 rhbz 883692 rhbz 883705\n- Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate\n- to avoid building on ppc64, ppc, and x390x.\n[0:6.0.24-50]\n- Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887\n- three DIGEST authentication issues\n- Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using\n- SSL NIO sendfile\n- Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints", "edition": 4, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "ELSA-2013-0623", "href": "http://linux.oracle.com/errata/ELSA-2013-0623.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3439", "CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-5885"], "description": "[0:5.5.23-0jpp.38]\n- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication\n- implementation\n- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.\n- Remove unneeded handling of FORM authentication in RealmBase", "edition": 4, "modified": "2013-03-12T00:00:00", "published": "2013-03-12T00:00:00", "id": "ELSA-2013-0640", "href": "http://linux.oracle.com/errata/ELSA-2013-0640.html", "title": "tomcat5 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "vmware": [{"lastseen": "2019-11-06T16:05:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3080", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-3079", "CVE-2013-3107", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "a. vCenter Server AD anonymous LDAP binding credential by-pass \n \nvCenter Server when deployed in an environment that uses Active Directory (AD) with anonymous LDAP binding enabled doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name and a blank password may be successful even if a non-blank password is required for the account. \nThe issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP binding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by removing the possibility to authenticate using blank passwords. This change in the authentication mechanism is present regardless if anonymous binding is enabled or not. \n**Workaround** \nThe workaround is to discontinue the use of AD anonymous LDAP binding if it is enabled in your environment. AD anonymous LDAP binding is not enabled by default. The TechNet article listed in the references section explains how to check for anonymous binding (look for \"anonymous binding\" in the article: anonymous binding is enabled if the seventh bit of the dsHeuristics attribute is set to 2) \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3107 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2013-10-17T00:00:00", "published": "2013-04-25T00:00:00", "id": "VMSA-2013-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2013-0006.html", "title": "VMware security updates for vCenter Server", "type": "vmware", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:27:08", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0623\n\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031678.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0623.html", "edition": 4, "modified": "2013-03-12T05:31:44", "published": "2013-03-12T05:31:44", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031678.html", "id": "CESA-2013:0623", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431"], "description": "\nThe Apache Software Foundation reports:\n\nThe CSRF prevention filter could be bypassed if a request was made to a\n\t protected resource without a session identifier present in the request.\n\n", "edition": 5, "modified": "2017-03-18T00:00:00", "published": "2012-12-04T00:00:00", "id": "953911FE-51EF-11E2-8E34-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/953911fe-51ef-11e2-8e34-0022156e8794.html", "title": "tomcat -- bypass of CSRF prevention filter", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}