DATABASE RESOURCES PRICING ABOUT US

{"id": "ATLASSIAN:JRASERVER-65102", "vendorId": null, "type": "atlassian", "bulletinFamily": "software", "title": "Update bundled Apache Tomcat due to security vulnerabilities", "description": "* Apache has released the Apache Software Foundation Releases Security Updates:\r\n * [https://www.us-cert.gov/ncas/current-activity/2017/04/12/Apache-Software-Foundation-Releases-Security-Updates]\r\n\r\nThere are a few vulnerabilities reported:\r\n # CVE-2017-5648 - [http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C8a78e8fe-616e-1959-3c0e-26704fc72766@apache.org%3E]\r\n # CVE-2017-5650 - [http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C6d8077ef-1bcb-d07b-0bd0-f70ab0043faf@apache.org%3E]\r\n # CVE-2017-5651 - [http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C63a584ba-4db7-85d3-0206-c1164b9d26c6@apache.org%3E]\r\n # CVE-2016-6817 - [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817]\r\n # CVE-2016-6816 - [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816]\r\n\r\nFor\u00a0CVE-2017-5650 and\u00a0CVE-2017-5651, the Severity is Important and:\r\n{quote}Versions Affected:\r\n * *Apache Tomcat 9.0.0.M1 to 9.0.0.M18*\r\n * *Apache Tomcat 8.5.0 to 8.5.12*\r\n * Apache Tomcat 8.0.x and earlier are not affected{quote}\r\n{quote}Users of the affected versions should apply one of the following\r\n mitigations:\r\n * *Upgrade to Apache Tomcat 9.0.0.M19 or later*\r\n * *Upgrade to Apache Tomcat 8.5.13 or later*{quote}\r\n(+) Moving forward, fix versions of JIRA should be bundled with Tomcat 8.5.13/9.0.0.M19 or above.\r\nh5. Workaround\r\n\r\nIf Tomcat is to be manually upgraded, please refer to [How to upgrade Apache Tomcat version in JIRA 7.x|https://confluence.atlassian.com/display/JIRAKB/How+to+upgrade+Apache+Tomcat+version+in+JIRA+7.x]. Currently Tomcat 8.5.13 and 8.5.14 are available.\r\n\r\n(!) Manually upgrading Tomcat is not recommended or supported.", "published": "2017-04-17T08:48:35", "modified": "2020-05-22T08:24:46", "epss": [{"cve": "CVE-2018-1304", "epss": 0.00312, "percentile": 0.66777, "modified": "2023-11-13"}, {"cve": "CVE-2016-8745", "epss": 0.00918, "percentile": 0.8105, "modified": "2023-11-13"}, {"cve": "CVE-2017-7675", "epss": 0.00177, "percentile": 0.54713, "modified": "2023-11-13"}, {"cve": "CVE-2018-1305", "epss": 0.0012, "percentile": 0.46067, "modified": "2023-11-13"}, {"cve": "CVE-2016-6816", "epss": 0.00262, "percentile": 0.63676, "modified": "2023-11-13"}, {"cve": "CVE-2017-12615", "epss": 0.96837, "percentile": 0.996, "modified": "2023-11-13"}, {"cve": "CVE-2017-5651", "epss": 0.0027, "percentile": 0.64213, "modified": "2023-11-13"}, {"cve": "CVE-2017-5647", "epss": 0.00283, "percentile": 0.65105, "modified": "2023-11-13"}, {"cve": "CVE-2016-6817", "epss": 0.03537, "percentile": 0.90542, "modified": "2023-11-13"}, {"cve": "CVE-2016-8735", "epss": 0.28653, "percentile": 0.9637, "modified": "2023-11-13"}, {"cve": "CVE-2017-5648", "epss": 0.00356, "percentile": 0.6895, "modified": "2023-11-13"}, {"cve": "CVE-2017-5650", "epss": 0.86329, "percentile": 0.98272, "modified": "2023-11-13"}, {"cve": "CVE-2017-12617", "epss": 0.9747, "percentile": 0.99958, "modified": "2023-11-13"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://jira.atlassian.com/browse/JRASERVER-65102", "reporter": "astephen@atlassian.com", "references": [], "cvelist": ["CVE-2018-1304", "CVE-2016-8745", "CVE-2017-7675", "CVE-2018-1305", "CVE-2016-6816", "CVE-2017-12615", "CVE-2017-5651", "CVE-2017-5647", "CVE-2016-6817", "CVE-2016-8735", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-12617"], "immutableFields": [], "lastseen": "2021-07-28T14:40:39", "viewCount": 127, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-776", "ALAS-2016-777", "ALAS-2016-778", "ALAS-2017-796", "ALAS-2017-810", "ALAS-2017-821", "ALAS-2017-822", "ALAS-2017-873", "ALAS-2017-913", "ALAS-2018-972", "ALAS-2018-973", "ALAS2-2020-1402"]}, {"type": "archlinux", "idList": ["ASA-201611-22"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-64394", "JRASERVER-64394", "JRASERVER-65102"]}, {"type": "attackerkb", "idList": ["AKB:CC9CD3C9-B8CC-456B-9B8A-33A1EB9498E9", "AKB:D91AE5D0-67DF-4E98-925D-B730FC5F2045", "AKB:FB7A5D0C-BAF5-4201-84E2-8066FDE6AE92"]}, {"type": "avleonov", "idList": ["AVLEONOV:54F79F8B5C71E738DB16AEA2DF8FFD2F"]}, {"type": "canvas", "idList": ["TOMCAT_FILE_UPLOAD"]}, {"type": "centos", "idList": ["CESA-2017:0527", "CESA-2017:0935", "CESA-2017:1809", "CESA-2017:3080", "CESA-2017:3081", "CESA-2019:2205"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0968", "CPAI-2017-0779", "CPAI-2017-0827"]}, {"type": "cisa", "idList": ["CISA:6A3DB540F84D34B9BB99751624D91DB9", "CISA:7002237FF23A15D3709B055A5AF4ED89", "CISA:9066702332FCD5766AB41E06EAD9991B"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2016-8735", "CISA-KEV-CVE-2017-12615", "CISA-KEV-CVE-2017-12617"]}, {"type": "cve", "idList": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735", "CVE-2016-8745", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651", "CVE-2017-6056", "CVE-2017-7675", "CVE-2018-1304", "CVE-2018-1305"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1166-1:E77EB", "DEBIAN:DLA-1301-1:149F1", "DEBIAN:DLA-1301-1:BE1F2", "DEBIAN:DLA-1400-1:35C3A", "DEBIAN:DLA-1400-1:B4EC8", "DEBIAN:DLA-1450-1:A5949", "DEBIAN:DLA-728-1:A9D65", "DEBIAN:DLA-728-1:ECD0E", "DEBIAN:DLA-729-1:1B0B9", "DEBIAN:DLA-729-1:E931B", "DEBIAN:DLA-779-1:56F21", "DEBIAN:DLA-779-1:8029E", "DEBIAN:DLA-924-1:68694", "DEBIAN:DLA-924-1:83322", "DEBIAN:DLA-924-2:C1101", "DEBIAN:DLA-924-2:CBAD6", "DEBIAN:DSA-3738-1:66970", "DEBIAN:DSA-3738-1:EB221", "DEBIAN:DSA-3739-1:06429", "DEBIAN:DSA-3739-1:1BDAB", "DEBIAN:DSA-3754-1:21A99", "DEBIAN:DSA-3755-1:60CC8", "DEBIAN:DSA-3842-1:1036A", "DEBIAN:DSA-3842-1:DA193", "DEBIAN:DSA-3843-1:1AF3C", "DEBIAN:DSA-3843-1:ECCB8", "DEBIAN:DSA-3974-1:5C8AA", "DEBIAN:DSA-3974-1:B0CB8", "DEBIAN:DSA-4281-1:42CC4", "DEBIAN:DSA-4281-1:EC541"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-6816", "DEBIANCVE:CVE-2016-6817", "DEBIANCVE:CVE-2016-8735", "DEBIANCVE:CVE-2016-8745", "DEBIANCVE:CVE-2017-12615", "DEBIANCVE:CVE-2017-12617", "DEBIANCVE:CVE-2017-5647", "DEBIANCVE:CVE-2017-5648", "DEBIANCVE:CVE-2017-5650", "DEBIANCVE:CVE-2017-5651", "DEBIANCVE:CVE-2017-6056", "DEBIANCVE:CVE-2017-7675", "DEBIANCVE:CVE-2018-1304", "DEBIANCVE:CVE-2018-1305"]}, {"type": "dsquare", "idList": ["E-627"]}, {"type": "exploitdb", "idList": ["EDB-ID:41783", "EDB-ID:42953", "EDB-ID:42966", "EDB-ID:43008"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1FA29992905DF6DC8A86680F66930B75", "EXPLOITPACK:28422BD346C315BD9B02E4A18C1B9B0A", "EXPLOITPACK:31B3E3F4C5EABC55DF384007CB11320A"]}, {"type": "f5", "idList": ["F5:K04623854", "F5:K05940857", "F5:K32051722", "F5:K37337112", "F5:K41385746", "F5:K49000195", "F5:K49160100", "F5:K49820145", "F5:K50116122", "F5:K53173544", "F5:K82455382", "F5:K85088617", "F5:K92665308", "SOL49160100", "SOL49820145", "SOL50116122"]}, {"type": "fedora", "idList": ["FEDORA:0B919601CE4F", "FEDORA:125286087B00", "FEDORA:1DA54604D2A3", "FEDORA:1F62B61673C2", "FEDORA:361D5605D56D", "FEDORA:399E16057156", "FEDORA:3F80D6061813", "FEDORA:56B6D627AE59", "FEDORA:8CEB2616D980", "FEDORA:91D5F606E7CE", "FEDORA:A7FE360648D0", "FEDORA:DB25A6083B5B", "FEDORA:E150A6395ADF"]}, {"type": "fortinet", "idList": ["FG-IR-17-251"]}, {"type": "freebsd", "idList": ["0B9AF110-D529-11E6-AE1B-002590263BF5", "22BC5327-F33F-11E8-BE46-0019DBB15B3F", "55C4233E-1844-11E8-A712-0025908740C2", "C0DAE634-4820-4505-850D-B1C975D0F67D", "E5EC2767-D529-11E6-AE1B-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201705-09"]}, {"type": "github", "idList": ["GHSA-3GV7-3H64-78CM", "GHSA-3VX3-XF6Q-R5XP", "GHSA-68G5-8Q7F-M384", "GHSA-698C-2X4J-G9GQ", "GHSA-6RXJ-58JH-436R", "GHSA-9785-W233-X6HV", "GHSA-9HG2-395J-83RM", "GHSA-JC7P-5R39-9477", "GHSA-JX6H-3FJX-CGV5", "GHSA-PJFR-QF3P-3Q25", "GHSA-W3J5-Q8F2-3CQQ", "GHSA-XJGH-84HX-56C5"]}, {"type": "hackerone", "idList": ["H1:244459", "H1:648434"]}, {"type": "ibm", "idList": ["029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "06DE81C34BCC037C425D4880FEE00C839756BAEBF07AE79D786A78C384E9210B", "094209EDEC8B37637B8251F93300254F3CB8A73BBEAEB408BCC7398BD0A7B644", "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "0F43BB36AD1D0D815B83F74EC5F61DCBB6C382A430E1F7C0D57C2E7E33AC6700", "1409C02B1D07812FF8BC0B202320AD8441505D81CE1403B52DD1807D10185AED", "1B74BFFA104DFD8C7A98019F0B286E3C79CCA4E32049B990AADF56A962E80A29", "1E16A210BFCB05B57E65B2AAFBC51A0BC6A522B2FF7818A99A228BC4A27249D2", "219D23DAB6D7EED6140DB01019ADA2A19ECEF81B9513870787828621344C3705", "22F280C87C2DA326587B77F5C04302AF74B311DC98D205B86DBBD55637C36897", "268E74C4C7CDEBD7A8D03B7DAAAA99401A5A8F383B6A8DFA279CDFA1A14E0C8B", "28A18420E3649FDF858FD17E31DB05BBDD69C54F5D7556386C5774F6FC5E065D", "29DBB9F1E2675C7D11CD51CF8077BB360E608001AE72FD3BD0BEA1D3E8553096", "2CBE7361263A50B080D6B470AE343AB65387E0B6C41ED2D3AF96DA4290CB41EA", "3015D00A660A14DB8D44C42453895C066801E53B92123B25E2BB785356D6C003", "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "3410E09FDCBC57E565C72083D3A630854D64B8490C9907FC7A07113F787F18CE", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "3E52F30DE645ED79947372BF790D5DAB4B5FA29866C26DA53811D62A4E0B3206", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "4250B3DD6EE0328D9C74AEF40742DE820FA06152EBCCE27DF8DD34DE016AB4B9", "42AE91380DCB3B179D17D9079FE0F75521810DC3E151069826D9442130A7A4DC", "4CE2962069C84188ED5C475A4FF9247D99A8E2652692C99799F35DF8DAE7F96C", "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "55156FCD842A2CC421648C286DB79335E98E88FF88D30BADC857588FB7995139", "6B0A5599577E8CC081B38DC85FFC053A3E597118CD8108314778BA17EC91A265", "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "6E09E755E485134F5B801200B65962CFB77870EAF07A5CD52E95C9B7977E2D1F", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "70549CC4BB1FA3369F5BC1EF01770F5CF2D9642AA2B34DE63805694D06A895CC", "70F04B9A5CE3FFBC33D36A32D999163F5334E04B121B116CCEE525F5C79AD71C", "7A6BB496FE26603B63F0FFBE8159DD77814309FC3C3D3A21AB2E75CCAF01DD1B", "7C5AE0ABE3DD2F1108DD6FF463EF32BB7DC664CA2965E84227C3A1DA4A214E45", "7CF53FE09C7D25161BFAD59060E2F4269BC90C0B892337805721A0FE0A9BDA22", "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "7ED0FCE37A97F5F651B14591C6C6F1841EBCCDC87C436E30BE88838436EFE01A", "83949293D531C3BC38D05B8E11F73860AE63D675A7ACD0FBACD46879F7DFA117", "85861D4AF1E2B895DA9EEAC2B3BF2F2AB732A6FD5B0CCC36E9727CED5282ECCA", "85F4F9ABC26A141EA4CBD424EA8C33FAF00DCF970AA42D90F5EC572561A224B5", "862DE21935E08CE011776AE0869DAEB72B5EFD52BE874C5F268F71B0E813FB7C", "871A0564F000103EC07D1B9BC7B1DDE1427FEC3072CD636B9A5B83EE698D007E", "8F63BC3CF4FFE8E56809705C71F9763152D76451EDAADBD199902983B8AC2975", "911B260BE2232796652CC90FF5BDF6FC6CA63B6ECEF2872EF8B10DDFAF0B9A31", "93F376A33DAF2CAA98CBF6E0EBE1D85CAFA8457254A8255841887F4BAE5738F6", "9534FBA81D419F5E2702A5D0AC49A1619BA42EF0BDEAE97E0E5F96F56CE93084", "A9AB1978143F5EFD96539CC8EEDCDEAFE5ADC2636A91FD3B18CE75E08D1A2E03", "AAFBC906182DD485633ECB32BDE28F026BCB70599B1B63815C9A3816859E2F31", "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "AEB01F289AFEC0EE6EB33EED93621C32AB1582CE16D5FC69974595B7A3F51A3E", "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "B192A38BFCB65C485CB834810BC072C9ED521B788476FAD8E67C2FE9EE26ACC2", "B38CC41D14408E3A9CA8CDF7A847F854B44445C246B3F7642F746F0F82E60651", "B38DBE38F17B5A514627DD6BBD5252176BA17D057FB3070D5C24522DD2CAEC6B", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B73E2AC64919358B53CBFE9E0576F144ECF05CB1E42E5E59DCDDEF0BD5FEF485", "BFC19961F4B2A71B650F919D0D8075421D25957A36A4487C121AAA7C17E478AF", "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "C96690DEF881CCA0853EE5C3F54128111325395935AA0E2DB7C408128203728A", "CB650C098E7F975732842DF3BA263EE87E1FC1874100FCC105AB0C9D8AA03627", "D12D4BA37401CEB11895561D471A9AE3CA7EAB842BCDE04258D6F9B744444396", "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D41C12FBC700B1C1A9A83784082394BE3AA1A560141066160B2FD4DDF6C14DD4", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D5ADF098FB3E5614108F7FCF78AA40B198A5F906A4707F01E1486D71B56D5BB5", "D86FE44D98DA7C28FEC89271CF14D0D0C5B622A5A310D188BADF3A8D121163C7", "D8BB0C04F4C87E1FB90E8BB3AE2E9667CC6668F2651561409DB510A8857B4220", "DA288A350C7FD9E9006127450A7E02E123711D8CC365FE69F4EC9703913A527F", "DA78D22BE98AAE3FAE7595498C22303F728B4F1A787F6AA2950D1A2B51579024", "DE6681F3E96F25F91AC2E2C017B6397791F3FF0C0012BA1B09E3DF70C14557D2", "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E27CF59C9E2E6C51C822E91F4392208E7D3759A654890A485CF9095C81FD8C05", "E2BB43D9DCFAAF1172FDDD2E46ECD410924036D49C8E4E9B1CB5312FDD5E81C8", "EA8553DAFF0C61751BCA11FBF65DA7AD70FBACC18027B10070942936A64799A5", "F6CDB4165F0815673E8D7DF5243F53D5969DA8F04AB124265C7114AE04637CC8", "FF237A2B8A96DCF9E25EBCBDDC887465982EFD610C8FCD6C7136B8E43763F1D4"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "kaspersky", "idList": ["KLA11106", "KLA11118", "KLA11203"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837", "KITPLOIT:5230099254245458698", "KITPLOIT:5420210148456420402", "KITPLOIT:7013881512724945934"]}, {"type": "mageia", "idList": ["MGASA-2016-0417", "MGASA-2017-0050", "MGASA-2017-0117", "MGASA-2017-0400", "MGASA-2018-0149"]}, {"type": "myhack58", "idList": ["MYHACK58:62201789400"]}, {"type": "nessus", "idList": ["700057.PASL", "700668.PASL", "700674.PASL", "700691.PASL", "700702.PASL", "9906.PASL", "ACTIVEMQ_5_15_5.NASL", "AL2_ALAS-2020-1402.NASL", "ALA_ALAS-2016-776.NASL", "ALA_ALAS-2016-777.NASL", "ALA_ALAS-2016-778.NASL", "ALA_ALAS-2017-796.NASL", "ALA_ALAS-2017-810.NASL", "ALA_ALAS-2017-821.NASL", "ALA_ALAS-2017-822.NASL", "ALA_ALAS-2017-873.NASL", "ALA_ALAS-2017-913.NASL", "ALA_ALAS-2018-972.NASL", "ALA_ALAS-2018-973.NASL", "CENTOS_RHSA-2017-0527.NASL", "CENTOS_RHSA-2017-0935.NASL", "CENTOS_RHSA-2017-1809.NASL", "CENTOS_RHSA-2017-3080.NASL", "CENTOS_RHSA-2017-3081.NASL", "CENTOS_RHSA-2019-2205.NASL", "DEBIAN_DLA-1301.NASL", "DEBIAN_DLA-1450.NASL", "DEBIAN_DLA-728.NASL", "DEBIAN_DLA-729.NASL", "DEBIAN_DLA-779.NASL", "DEBIAN_DLA-924.NASL", "DEBIAN_DSA-3738.NASL", "DEBIAN_DSA-3739.NASL", "DEBIAN_DSA-3754.NASL", "DEBIAN_DSA-3755.NASL", "DEBIAN_DSA-3842.NASL", "DEBIAN_DSA-3843.NASL", "DEBIAN_DSA-3974.NASL", "DEBIAN_DSA-4281.NASL", "EULEROS_SA-2017-1081.NASL", "EULEROS_SA-2017-1082.NASL", "EULEROS_SA-2017-1191.NASL", "EULEROS_SA-2017-1192.NASL", "EULEROS_SA-2017-1261.NASL", "EULEROS_SA-2017-1262.NASL", "EULEROS_SA-2019-1992.NASL", "EULEROS_SA-2019-2361.NASL", "EULEROS_SA-2019-2675.NASL", "F5_BIGIP_SOL50116122.NASL", "FEDORA_2016-98CCA07999.NASL", "FEDORA_2016-9C33466FBB.NASL", "FEDORA_2016-A98C560116.NASL", "FEDORA_2017-0E64C4C186.NASL", "FEDORA_2017-19C5440ABE.NASL", "FEDORA_2017-376AE2B92C.NASL", "FEDORA_2017-5261BA4605.NASL", "FEDORA_2017-D5AA7C77D6.NASL", "FEDORA_2017-EBB76FC3C9.NASL", "FEDORA_2017-EF7C118DBC.NASL", "FEDORA_2017-F499EE7B12.NASL", "FEDORA_2018-50F0DA5D38.NASL", "FEDORA_2018-A233DAE4AB.NASL", "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "FREEBSD_PKG_22BC5327F33F11E8BE460019DBB15B3F.NASL", "FREEBSD_PKG_55C4233E184411E8A7120025908740C2.NASL", "FREEBSD_PKG_C0DAE63448204505850DB1C975D0F67D.NASL", "FREEBSD_PKG_E5EC2767D52911E6AE1B002590263BF5.NASL", "GENTOO_GLSA-201705-09.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_4_3247.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_2_5168.NASL", "NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL", "OPENSUSE-2016-1455.NASL", "OPENSUSE-2016-1456.NASL", "OPENSUSE-2017-1299.NASL", "OPENSUSE-2017-586.NASL", "OPENSUSE-2018-325.NASL", "ORACLELINUX_ELSA-2017-0527.NASL", "ORACLELINUX_ELSA-2017-0935.NASL", "ORACLELINUX_ELSA-2017-1809.NASL", "ORACLELINUX_ELSA-2017-3080.NASL", "ORACLELINUX_ELSA-2017-3081.NASL", "ORACLELINUX_ELSA-2019-2205.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_RDBMS_CPU_JAN_2018.NASL", "ORACLE_RDBMS_CPU_OCT_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "ORACLE_WEBCENTER_SITES_APR_2018_CPU.NASL", "PHOTONOS_PHSA-2016-0011.NASL", "REDHAT-RHSA-2017-0244.NASL", "REDHAT-RHSA-2017-0245.NASL", "REDHAT-RHSA-2017-0246.NASL", "REDHAT-RHSA-2017-0250.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2017-0527.NASL", "REDHAT-RHSA-2017-0935.NASL", "REDHAT-RHSA-2017-1801.NASL", "REDHAT-RHSA-2017-1809.NASL", "REDHAT-RHSA-2017-2493.NASL", "REDHAT-RHSA-2017-3080.NASL", "REDHAT-RHSA-2017-3081.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2018-0268.NASL", "REDHAT-RHSA-2018-0270.NASL", "REDHAT-RHSA-2018-0275.NASL", "REDHAT-RHSA-2018-0466.NASL", "REDHAT-RHSA-2018-1448.NASL", "REDHAT-RHSA-2018-1449.NASL", "REDHAT-RHSA-2018-1451.NASL", "REDHAT-RHSA-2019-2205.NASL", "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "SL_20170412_TOMCAT_ON_SL7_X.NASL", "SL_20170727_TOMCAT_ON_SL7_X.NASL", "SL_20171030_TOMCAT6_ON_SL6_X.NASL", "SL_20171030_TOMCAT_ON_SL7_X.NASL", "SL_20190806_TOMCAT_ON_SL7_X.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2021-14705-1.NASL", "SYMANTEC_CONTENT_ANALYSIS_SYMSA1419.NASL", "TOMCAT_6_0_24.NASL", "TOMCAT_7_0_76.NASL", "TOMCAT_7_0_81.NASL", "TOMCAT_7_0_82.NASL", "TOMCAT_7_0_85.NASL", "TOMCAT_8_0_43.NASL", "TOMCAT_8_0_47.NASL", "TOMCAT_8_0_50.NASL", "TOMCAT_8_5_13.NASL", "TOMCAT_8_5_16.NASL", "TOMCAT_8_5_23.NASL", "TOMCAT_8_5_28.NASL", "TOMCAT_8_5_8.NASL", "TOMCAT_8_5_9.NASL", "TOMCAT_9_0_0_M22.NASL", "TOMCAT_9_0_1.NASL", "TOMCAT_9_0_5.NASL", "TOMCAT_PUT_JSP.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3177-2.NASL", "UBUNTU_USN-3519-1.NASL", "UBUNTU_USN-3665-1.NASL", "UBUNTU_USN-4557-1.NASL", "VIRTUOZZO_VZLSA-2017-0527.NASL", "VIRTUOZZO_VZLSA-2017-0935.NASL", "VIRTUOZZO_VZLSA-2017-3080.NASL", "WEB_APPLICATION_SCANNING_112295", "WEB_APPLICATION_SCANNING_112301", "WEB_APPLICATION_SCANNING_112304", "WEB_APPLICATION_SCANNING_112310"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703738", "OPENVAS:1361412562310703739", "OPENVAS:1361412562310703754", "OPENVAS:1361412562310703755", "OPENVAS:1361412562310703842", "OPENVAS:1361412562310703843", "OPENVAS:1361412562310703974", "OPENVAS:1361412562310704281", "OPENVAS:1361412562310810717", "OPENVAS:1361412562310810718", "OPENVAS:1361412562310810730", "OPENVAS:1361412562310810762", "OPENVAS:1361412562310810763", "OPENVAS:1361412562310810764", "OPENVAS:1361412562310810765", "OPENVAS:1361412562310810766", "OPENVAS:1361412562310810767", "OPENVAS:1361412562310810966", "OPENVAS:1361412562310811294", "OPENVAS:1361412562310811296", "OPENVAS:1361412562310811297", "OPENVAS:1361412562310811299", "OPENVAS:1361412562310811701", "OPENVAS:1361412562310811702", "OPENVAS:1361412562310811845", "OPENVAS:1361412562310811854", "OPENVAS:1361412562310811871", "OPENVAS:1361412562310812057", "OPENVAS:1361412562310812058", "OPENVAS:1361412562310812784", "OPENVAS:1361412562310812785", "OPENVAS:1361412562310843024", "OPENVAS:1361412562310843035", "OPENVAS:1361412562310843407", "OPENVAS:1361412562310843539", "OPENVAS:1361412562310851455", "OPENVAS:1361412562310851503", "OPENVAS:1361412562310851553", "OPENVAS:1361412562310851651", "OPENVAS:1361412562310871773", "OPENVAS:1361412562310871795", "OPENVAS:1361412562310871847", "OPENVAS:1361412562310872149", "OPENVAS:1361412562310872150", "OPENVAS:1361412562310872157", "OPENVAS:1361412562310872399", "OPENVAS:1361412562310872428", "OPENVAS:1361412562310872623", "OPENVAS:1361412562310872624", "OPENVAS:1361412562310873711", "OPENVAS:1361412562310873766", "OPENVAS:1361412562310874329", "OPENVAS:1361412562310874333", "OPENVAS:1361412562310882682", "OPENVAS:1361412562310882690", "OPENVAS:1361412562310882757", "OPENVAS:1361412562310882795", "OPENVAS:1361412562310882796", "OPENVAS:1361412562310890924", "OPENVAS:1361412562310891301", "OPENVAS:1361412562310891450", "OPENVAS:1361412562311220171081", "OPENVAS:1361412562311220171082", "OPENVAS:1361412562311220171191", "OPENVAS:1361412562311220171192", "OPENVAS:1361412562311220171261", "OPENVAS:1361412562311220171262", "OPENVAS:1361412562311220191992", "OPENVAS:1361412562311220192361", "OPENVAS:1361412562311220192675", "OPENVAS:703738", "OPENVAS:703739", "OPENVAS:703754", "OPENVAS:703755", "OPENVAS:703842", "OPENVAS:703843"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2018", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0527", "ELSA-2017-0935", "ELSA-2017-1809", "ELSA-2017-2247", "ELSA-2017-3080", "ELSA-2017-3081", "ELSA-2019-2205"]}, {"type": "osv", "idList": ["OSV:DLA-1301-1", "OSV:DLA-1400-1", "OSV:DLA-1400-2", "OSV:DLA-1450-1", "OSV:DLA-728-1", "OSV:DLA-729-1", "OSV:DLA-779-1", "OSV:DLA-924-1", "OSV:DLA-924-2", "OSV:DSA-3754-1", "OSV:DSA-3755-1", "OSV:DSA-3842-1", "OSV:DSA-3843-1", "OSV:DSA-3974-1", "OSV:GHSA-3GV7-3H64-78CM", "OSV:GHSA-3VX3-XF6Q-R5XP", "OSV:GHSA-68G5-8Q7F-M384", "OSV:GHSA-698C-2X4J-G9GQ", "OSV:GHSA-6RXJ-58JH-436R", "OSV:GHSA-9785-W233-X6HV", "OSV:GHSA-9HG2-395J-83RM", "OSV:GHSA-JC7P-5R39-9477", "OSV:GHSA-JX6H-3FJX-CGV5", "OSV:GHSA-PJFR-QF3P-3Q25", "OSV:GHSA-W3J5-Q8F2-3CQQ", "OSV:GHSA-XJGH-84HX-56C5"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141920", "PACKETSTORM:144502", "PACKETSTORM:144557", "PACKETSTORM:144591"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B"]}, {"type": "photon", "idList": ["PHSA-2016-0011", "PHSA-2017-0078"]}, {"type": "prion", "idList": ["PRION:CVE-2017-12615", "PRION:CVE-2017-12617", "PRION:CVE-2017-5647", "PRION:CVE-2017-5648", "PRION:CVE-2017-5650", "PRION:CVE-2017-5651", "PRION:CVE-2017-6056", "PRION:CVE-2017-7675", "PRION:CVE-2018-1304", "PRION:CVE-2018-1305"]}, {"type": "redhat", "idList": ["RHSA-2017:0244", "RHSA-2017:0245", "RHSA-2017:0246", "RHSA-2017:0247", "RHSA-2017:0250", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:0527", "RHSA-2017:0935", "RHSA-2017:1801", "RHSA-2017:1802", "RHSA-2017:1809", "RHSA-2017:2493", "RHSA-2017:2494", "RHSA-2017:3080", "RHSA-2017:3081", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2018:0268", "RHSA-2018:0269", "RHSA-2018:0270", "RHSA-2018:0271", "RHSA-2018:0275", "RHSA-2018:0465", "RHSA-2018:0466", "RHSA-2018:1320", "RHSA-2018:1447", "RHSA-2018:1448", "RHSA-2018:1449", "RHSA-2018:1450", "RHSA-2018:1451", "RHSA-2018:2939", "RHSA-2019:2205"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-6816", "RH:CVE-2016-6817", "RH:CVE-2016-8735", "RH:CVE-2016-8745", "RH:CVE-2017-12615", "RH:CVE-2017-12617", "RH:CVE-2017-5647", "RH:CVE-2017-5648", "RH:CVE-2017-5650", "RH:CVE-2017-5651", "RH:CVE-2017-7675", "RH:CVE-2018-1304", "RH:CVE-2018-1305"]}, {"type": "seebug", "idList": ["SSV:92553", "SSV:92677", "SSV:92678", "SSV:96557", "SSV:96562", "SSV:96624", "SSV:97149"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3129-1", "OPENSUSE-SU-2016:3144-1", "OPENSUSE-SU-2017:1292-1", "OPENSUSE-SU-2017:3069-1", "SUSE-SU-2016:3079-1", "SUSE-SU-2016:3081-1", "SUSE-SU-2017:1229-1", "SUSE-SU-2017:1382-1", "SUSE-SU-2017:1632-1", "SUSE-SU-2017:1660-1", "SUSE-SU-2017:3039-1", "SUSE-SU-2017:3059-1", "SUSE-SU-2017:3279-1"]}, {"type": "symantec", "idList": ["SMNTC-1419", "SMNTC-1463"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A09C50A444F2D7D6A5D4552C85316387"]}, {"type": "thn", "idList": ["THN:96A25F981DD18505C101D0FC9DAA7B30"]}, {"type": "threatpost", "idList": ["THREATPOST:CF8A831748EC23AA2B67F64081A55155"]}, {"type": "tomcat", "idList": ["TOMCAT:04B17AC8AF77559DCBF18136C84082B5", "TOMCAT:0DBA25EA40A6FEBF5FD9039D7F60718E", "TOMCAT:15FF6DF1B5DE765DF9A478C8E8034759", "TOMCAT:189A39640FA522088C95784425266AF0", "TOMCAT:1C47C49085ABB474BC344B6C3C40B71E", "TOMCAT:1CB3810E65438752A9D2B074EFE36CB9", "TOMCAT:2680AEFDC6753CA8A86BDC720F332BF2", "TOMCAT:2A8B5F1565D6A09E5FAEE407DF69CEDB", "TOMCAT:31F5F7BD3C4EE7FC79E738BF7D1111AB", "TOMCAT:36AC55F275AD6FE594625DBE3DFC1A1C", "TOMCAT:36D4E191E547319FD3247E3A223857AB", "TOMCAT:3CBB1DB49A12E6DB3A2FE5BA90985A75", "TOMCAT:42C9BA0FF681A3FD510F250A50526E04", "TOMCAT:5322371A63B432FEA04126BDF7D1223B", "TOMCAT:604E2DE63F4E10D22151D29C4D2E7487", "TOMCAT:636B29CDD200DF61776C597C016FE492", "TOMCAT:7FF5C8CC86A7AF5DA33F4B5874774B9B", "TOMCAT:83EBFA4095E1BC19531C4F80F79B499B", "TOMCAT:92F4F987FE8115B4DBA99C4C8576C363", "TOMCAT:9847C725903157955C24006319A678BF", "TOMCAT:9E43DA1677EA0537439D1A6D19A16EC5", "TOMCAT:A2A41E288752906867E2BBE07542F21C", "TOMCAT:A7D3DCFDE9F8C13D1A85F195595ACE5C", "TOMCAT:BA72E30DC027017AE2F20F86463B2D34", "TOMCAT:C7559D92C97B679818E34C1ECA3599F0", "TOMCAT:D72CBF1EC8D17C51BF9944C1A031DFF0", "TOMCAT:DA27CFA745026609962C185F86E4D285", "TOMCAT:DCB8C0E7C96DD2367CF48625F7A47EDF", "TOMCAT:E06724CCDE7336B7E4636921340F1155", "TOMCAT:E1DC6AFC3CA2A246D554966278B61DC6"]}, {"type": "ubuntu", "idList": ["USN-3177-1", "USN-3177-2", "USN-3519-1", "USN-3665-1", "USN-4557-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-6816", "UB:CVE-2016-6817", "UB:CVE-2016-8735", "UB:CVE-2016-8745", "UB:CVE-2017-12615", "UB:CVE-2017-12616", "UB:CVE-2017-12617", "UB:CVE-2017-5647", "UB:CVE-2017-5648", "UB:CVE-2017-5650", "UB:CVE-2017-5651", "UB:CVE-2017-6056", "UB:CVE-2017-7675", "UB:CVE-2018-1304", "UB:CVE-2018-1305"]}, {"type": "veracode", "idList": ["VERACODE:12289", "VERACODE:12594", "VERACODE:13434", "VERACODE:3110", "VERACODE:3596", "VERACODE:3871", "VERACODE:3874", "VERACODE:3875", "VERACODE:3876", "VERACODE:4900", "VERACODE:5140", "VERACODE:5851", "VERACODE:5856"]}, {"type": "zdt", "idList": ["1337DAY-ID-27485", "1337DAY-ID-28739", "1337DAY-ID-28759", "1337DAY-ID-28780"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2016-776", "ALAS-2016-777", "ALAS-2016-778", "ALAS-2017-796", "ALAS-2017-810", "ALAS-2017-821", "ALAS-2017-822", "ALAS-2017-873", "ALAS-2017-913", "ALAS-2018-972", "ALAS-2018-973"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-64394"]}, {"type": "avleonov", "idList": ["AVLEONOV:54F79F8B5C71E738DB16AEA2DF8FFD2F"]}, {"type": "canvas", "idList": ["TOMCAT_FILE_UPLOAD"]}, {"type": "centos", "idList": ["CESA-2017:0527", "CESA-2017:0935", "CESA-2017:1809"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0968", "CPAI-2017-0779", "CPAI-2017-0827"]}, {"type": "cisa", "idList": ["CISA:6A3DB540F84D34B9BB99751624D91DB9", "CISA:7002237FF23A15D3709B055A5AF4ED89", "CISA:9066702332FCD5766AB41E06EAD9991B"]}, {"type": "cve", "idList": ["CVE-2016-6816", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1166-1:E77EB", "DEBIAN:DLA-1301-1:149F1", "DEBIAN:DLA-1400-1:35C3A", "DEBIAN:DLA-1450-1:A5949", "DEBIAN:DLA-779-1:8029E", "DEBIAN:DLA-924-1:68694", "DEBIAN:DLA-924-2:C1101", "DEBIAN:DSA-3738-1:66970", "DEBIAN:DSA-3739-1:06429", "DEBIAN:DSA-3754-1:21A99", "DEBIAN:DSA-3755-1:60CC8", "DEBIAN:DSA-3842-1:1036A", "DEBIAN:DSA-3843-1:1AF3C", "DEBIAN:DSA-3974-1:B0CB8", "DEBIAN:DSA-4281-1:EC541"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-6816", "DEBIANCVE:CVE-2016-6817", "DEBIANCVE:CVE-2016-8745", "DEBIANCVE:CVE-2017-12615", "DEBIANCVE:CVE-2017-12617", "DEBIANCVE:CVE-2017-5647", "DEBIANCVE:CVE-2017-5648", "DEBIANCVE:CVE-2017-5650", "DEBIANCVE:CVE-2017-5651", "DEBIANCVE:CVE-2017-7675", "DEBIANCVE:CVE-2018-1304", "DEBIANCVE:CVE-2018-1305"]}, {"type": "dsquare", "idList": ["E-627"]}, {"type": "exploitdb", "idList": ["EDB-ID:41783", "EDB-ID:42953", "EDB-ID:42966"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:31B3E3F4C5EABC55DF384007CB11320A"]}, {"type": "f5", "idList": ["F5:K05940857", "F5:K32051722", "F5:K37337112", "F5:K41385746", "F5:K49000195", "F5:K49160100", "F5:K50116122", "F5:K53173544", "F5:K82455382", "F5:K85088617", "SOL49160100", "SOL49820145", "SOL50116122"]}, {"type": "fedora", "idList": ["FEDORA:0B919601CE4F", "FEDORA:125286087B00", "FEDORA:1DA54604D2A3", "FEDORA:1F62B61673C2", "FEDORA:361D5605D56D", "FEDORA:399E16057156", "FEDORA:3F80D6061813", "FEDORA:56B6D627AE59", "FEDORA:8CEB2616D980", "FEDORA:91D5F606E7CE", "FEDORA:A7FE360648D0", "FEDORA:DB25A6083B5B", "FEDORA:E150A6395ADF"]}, {"type": "fortinet", "idList": ["FG-IR-17-251"]}, {"type": "freebsd", "idList": ["0B9AF110-D529-11E6-AE1B-002590263BF5", "C0DAE634-4820-4505-850D-B1C975D0F67D", "E5EC2767-D529-11E6-AE1B-002590263BF5"]}, {"type": "github", "idList": ["GHSA-6RXJ-58JH-436R", "GHSA-JX6H-3FJX-CGV5", "GHSA-PJFR-QF3P-3Q25"]}, {"type": "githubexploit", "idList": ["B41082A1-4177-53E2-A74C-8ABA13AA3E86"]}, {"type": "hackerone", "idList": ["H1:648434"]}, {"type": "ibm", "idList": ["93F376A33DAF2CAA98CBF6E0EBE1D85CAFA8457254A8255841887F4BAE5738F6"]}, {"type": "kaspersky", "idList": ["KLA11106"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/TOMCAT_JSP_UPLOAD_BYPASS"]}, {"type": "myhack58", "idList": ["MYHACK58:62201789400"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-776.NASL", "ALA_ALAS-2016-777.NASL", "ALA_ALAS-2016-778.NASL", "ALA_ALAS-2017-796.NASL", "ALA_ALAS-2017-810.NASL", "ALA_ALAS-2017-821.NASL", "ALA_ALAS-2017-822.NASL", "CENTOS_RHSA-2017-0527.NASL", "CENTOS_RHSA-2017-0935.NASL", "DEBIAN_DLA-779.NASL", "DEBIAN_DSA-3738.NASL", "DEBIAN_DSA-3739.NASL", "DEBIAN_DSA-3754.NASL", "DEBIAN_DSA-3755.NASL", "DEBIAN_DSA-3842.NASL", "DEBIAN_DSA-3843.NASL", "DEBIAN_DSA-3974.NASL", "EULEROS_SA-2017-1081.NASL", "EULEROS_SA-2017-1082.NASL", "F5_BIGIP_SOL50116122.NASL", "FEDORA_2016-98CCA07999.NASL", "FEDORA_2016-9C33466FBB.NASL", "FEDORA_2016-A98C560116.NASL", "FEDORA_2017-19C5440ABE.NASL", "FEDORA_2017-376AE2B92C.NASL", "FEDORA_2017-5261BA4605.NASL", "FEDORA_2017-D5AA7C77D6.NASL", "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "FREEBSD_PKG_C0DAE63448204505850DB1C975D0F67D.NASL", "FREEBSD_PKG_E5EC2767D52911E6AE1B002590263BF5.NASL", "OPENSUSE-2017-1299.NASL", "ORACLELINUX_ELSA-2017-0527.NASL", "ORACLELINUX_ELSA-2017-0935.NASL", "REDHAT-RHSA-2017-0244.NASL", "REDHAT-RHSA-2017-0246.NASL", "REDHAT-RHSA-2017-0250.NASL", "REDHAT-RHSA-2017-0527.NASL", "REDHAT-RHSA-2017-0935.NASL", "REDHAT-RHSA-2018-0275.NASL", "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "SL_20170412_TOMCAT_ON_SL7_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703738", "OPENVAS:1361412562310703739", "OPENVAS:1361412562310703974", "OPENVAS:1361412562310811294", "OPENVAS:1361412562310811296", "OPENVAS:1361412562310811297", "OPENVAS:1361412562310811299", "OPENVAS:1361412562310811701", "OPENVAS:1361412562310811702", "OPENVAS:1361412562310811845", "OPENVAS:1361412562310811854", "OPENVAS:1361412562310851651", "OPENVAS:1361412562310872149", "OPENVAS:1361412562310872150", "OPENVAS:1361412562310872157", "OPENVAS:1361412562310873711", "OPENVAS:1361412562310873766", "OPENVAS:1361412562310874329", "OPENVAS:1361412562310874333", "OPENVAS:1361412562310890924", "OPENVAS:1361412562310891301", "OPENVAS:703738", "OPENVAS:703739"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0527", "ELSA-2017-0935"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141920", "PACKETSTORM:144502", "PACKETSTORM:144557", "PACKETSTORM:144591"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B"]}, {"type": "photon", "idList": ["PHSA-2016-0011"]}, {"type": "redhat", "idList": ["RHSA-2017:0247", "RHSA-2017:3080", "RHSA-2017:3081"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-1304", "RH:CVE-2018-1305"]}, {"type": "seebug", "idList": ["SSV:92677", "SSV:92678", "SSV:96557", "SSV:96562"]}, {"type": "suse", "idList": ["SUSE-SU-2017:1229-1", "SUSE-SU-2017:3279-1"]}, {"type": "symantec", "idList": ["SMNTC-1419", "SMNTC-1463"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A09C50A444F2D7D6A5D4552C85316387"]}, {"type": "thn", "idList": ["THN:96A25F981DD18505C101D0FC9DAA7B30"]}, {"type": "threatpost", "idList": ["THREATPOST:CF8A831748EC23AA2B67F64081A55155"]}, {"type": "tomcat", "idList": ["TOMCAT:36AC55F275AD6FE594625DBE3DFC1A1C", "TOMCAT:DA27CFA745026609962C185F86E4D285"]}, {"type": "ubuntu", "idList": ["USN-3519-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-1304", "UB:CVE-2018-1305"]}, {"type": "zdt", "idList": ["1337DAY-ID-27485", "1337DAY-ID-28739", "1337DAY-ID-28780"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "jira server and data center", "version": 7}, {"name": "jira server and data center", "version": 7}, {"name": "jira server and data center", "version": 7}, {"name": "jira server and data center", "version": 7}]}, "epss": [{"cve": "CVE-2018-1304", "epss": "0.002960000", "percentile": "0.645430000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8745", "epss": "0.013460000", "percentile": "0.840440000", "modified": "2023-03-15"}, {"cve": "CVE-2017-7675", "epss": "0.002510000", "percentile": "0.612570000", "modified": "2023-03-15"}, {"cve": "CVE-2018-1305", "epss": "0.001010000", "percentile": "0.399990000", "modified": "2023-03-15"}, {"cve": "CVE-2016-6816", "epss": "0.002620000", "percentile": "0.621140000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12615", "epss": "0.974460000", "percentile": "0.998930000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5651", "epss": "0.004040000", "percentile": "0.696240000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5647", "epss": "0.004940000", "percentile": "0.725130000", "modified": "2023-03-15"}, {"cve": "CVE-2016-6817", "epss": "0.034760000", "percentile": "0.900390000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8735", "epss": "0.041200000", "percentile": "0.908140000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5648", "epss": "0.006200000", "percentile": "0.756060000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5650", "epss": "0.948370000", "percentile": "0.987770000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12617", "epss": "0.974990000", "percentile": "0.999530000", "modified": "2023-03-15"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1699909029, "score": 1699909626, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "3cfca1c834b33540d94d73250d92f8f2"}, "affectedSoftware": [{"name": "jira server and data center", "operator": "le", "version": "7.3.0"}, {"name": "jira server and data center", "operator": "lt", "version": "7.6.9"}, {"name": "jira server and data center", "operator": "lt", "version": "7.11.0"}, {"name": "jira server and data center", "operator": "le", "version": "7.3.4"}]}

{"atlassian": [{"lastseen": "2023-12-05T22:38:35", "description": "* Apache has released the Apache Software Foundation Releases Security Updates:\r\n * [https://www.us-cert.gov/ncas/current-activity/2017/04/12/Apache-Software-Foundation-Releases-Security-Updates]\r\n\r\nThere are a few vulnerabilities reported:\r\n # CVE-2017-5648 - [http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C8a78e8fe-616e-1959-3c0e-26704fc72766@apache.org%3E]\r\n # CVE-2017-5650 - [http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C6d8077ef-1bcb-d07b-0bd0-f70ab0043faf@apache.org%3E]\r\n # CVE-2017-5651 - [http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C63a584ba-4db7-85d3-0206-c1164b9d26c6@apache.org%3E]\r\n # CVE-2016-6817 - [https://vulners.com/cve/CVE-2016-6817]\r\n # CVE-2016-6816 - [https://vulners.com/cve/CVE-2016-6816]\r\n\r\nFor\u00a0CVE-2017-5650 and\u00a0CVE-2017-5651, the Severity is Important and:\r\n{quote}Versions Affected:\r\n * *Apache Tomcat 9.0.0.M1 to 9.0.0.M18*\r\n * *Apache Tomcat 8.5.0 to 8.5.12*\r\n * Apache Tomcat 8.0.x and earlier are not affected{quote}\r\n{quote}Users of the affected versions should apply one of the following\r\n mitigations:\r\n * *Upgrade to Apache Tomcat 9.0.0.M19 or later*\r\n * *Upgrade to Apache Tomcat 8.5.13 or later*{quote}\r\n(+) Moving forward, fix versions of JIRA should be bundled with Tomcat 8.5.13/9.0.0.M19 or above.\r\nh5. Workaround\r\n\r\nIf Tomcat is to be manually upgraded, please refer to [How to upgrade Apache Tomcat version in JIRA 7.x|https://confluence.atlassian.com/display/JIRAKB/How+to+upgrade+Apache+Tomcat+version+in+JIRA+7.x]. Currently Tomcat 8.5.13 and 8.5.14 are available.\r\n\r\n(!) Manually upgrading Tomcat is not recommended or supported.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-17T08:48:35", "type": "atlassian", "title": "Update bundled Apache Tomcat due to security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735", "CVE-2016-8745", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651", "CVE-2017-7675", "CVE-2018-1304", "CVE-2018-1305"], "modified": "2020-05-22T08:24:46", "id": "JRASERVER-65102", "href": "https://jira.atlassian.com/browse/JRASERVER-65102", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:40:49", "description": "Current version of Tomcat 8.5.6 bundled with JIRA 7.3.x is vulnerable to https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9.\r\n\r\nCustomer would like the Tomcat to be upgraded to the latest version available as their client is no longer willing to run JIRA without having the tomcat patched with the latest security updates.\r\n\r\n*+Questions:+*\r\n# Is it in the road map to include latest Tomcat? If yes, from which version onwards?\r\n# Is there any steps which customer can follow to upgrade the bundled Tomcat from 8.5.6 to 8.5.12?", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-14T13:20:53", "type": "atlassian", "title": "Upgrade Tomcat to the version 8.5.29", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816", "CVE-2017-5651", "CVE-2017-5647", "CVE-2017-5650", "CVE-2017-12617"], "modified": "2020-05-22T08:23:01", "id": "ATLASSIAN:JRASERVER-64394", "href": "https://jira.atlassian.com/browse/JRASERVER-64394", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:38:04", "description": "Current version of Tomcat 8.5.6 bundled with JIRA 7.3.x is vulnerable to https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9.\r\n\r\nCustomer would like the Tomcat to be upgraded to the latest version available as their client is no longer willing to run JIRA without having the tomcat patched with the latest security updates.\r\n\r\n*+Questions:+*\r\n# Is it in the road map to include latest Tomcat? If yes, from which version onwards?\r\n# Is there any steps which customer can follow to upgrade the bundled Tomcat from 8.5.6 to 8.5.12?", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-14T13:20:53", "type": "atlassian", "title": "Upgrade Tomcat to the version 8.5.29", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2020-05-22T08:23:01", "id": "JRASERVER-64394", "href": "https://jira.atlassian.com/browse/JRASERVER-64394", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-21T01:48:37", "description": "## Summary\n\nApache Tomcat is shipped as a component of RLKS Administration and Reporting Tool (RLKS ART) which contains multiple security vulnerabilities that could potentially impact ART.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5647_](<https://vulners.com/cve/CVE-2017-5647>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-5648_](<https://vulners.com/cve/CVE-2017-5648>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124399_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124399>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** _CVE-2017-5651_** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the send file processing that adds the invoked Processor to the cache twice. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124397_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124397>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-12615_](<https://vulners.com/cve/CVE-2017-12615>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132277_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132277>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2017-12617_](<https://vulners.com/cve/CVE-2017-12617>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132484_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132484>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions of the IBM RLKS Administration and Reporting Tool. \n\n * RLKS Administration and Reporting Tool version 8.1.4\n * RLKS Administration and Reporting Tool version 8.1.4.1\n * RLKS Administration and Reporting Tool version 8.1.4.2\n * RLKS Administration and Reporting Tool version 8.1.4.3\n * RLKS Administration and Reporting Tool version 8.1.4.4\n * RLKS Administration and Reporting Tool version 8.1.4.5\n * RLKS Administration and Reporting Tool version 8.1.4.6\n * RLKS Administration and Reporting Tool version 8.1.4.7\n * RLKS Administration and Reporting Tool version 8.1.4.8\n * RLKS Administration and Reporting Tool version 8.1.4.9\n\n## Remediation/Fixes\n\nFollow the instructions in [How to manually update Apache Tomcat?](<https://www.ibm.com/support/docview.wss?uid=swg21973649>) to upgrade to Apache Tomcat, version **7.0.82 or later**, where these vulnerabilities have been fixed.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:23:17", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM Rational License Key Server Administration and Reporting Tool", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5651"], "modified": "2018-06-17T05:23:17", "id": "06DE81C34BCC037C425D4880FEE00C839756BAEBF07AE79D786A78C384E9210B", "href": "https://www.ibm.com/support/pages/node/296249", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:51", "description": "## Summary\n\nIssues with Apache Tomcat Vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.\n\n## Remediation/Fixes\n\nFor IBM UrbanCode Deploy versions 6.2 through 6.2.2.1, upgrade to [IBM UrbanCode Deploy 6.2.3](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.2.3&platform=All&function=all>). \n\n\nFor IBM UrbanCode Deploy versions 6.1 to 6.1.3.3, upgrade the server to [IBM UrbanCode Deploy 6.1.3.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3&platform=All&function=all>).\n\nFor IBM UrbanCode Deploy versions 6.0 to 6.0.1.14, upgrade the server to [IBM UrbanCode Deploy 6.0.1.15](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.0.1.15&platform=All&function=all>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-15T22:00:02", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat Vulnerabilities (CVE-2016-6817, CVE-2016-8735, CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-11-15T22:00:02", "id": "3E52F30DE645ED79947372BF790D5DAB4B5FA29866C26DA53811D62A4E0B3206", "href": "https://www.ibm.com/support/pages/node/619363", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:36:12", "description": "## Summary\n\nApache Tomcat vulnerability affects IBM Storwize V7000 Unified.\n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5 and 1.6.0.0 to 1.6.2.0\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 and 1.6.2.1 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or 1.6.2.1 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s) : None. \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:15", "type": "ibm", "title": "Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-6816, CVE-2016-6817, CVE-2016-8735 )", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-06-18T00:32:15", "id": "029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "href": "https://www.ibm.com/support/pages/node/696927", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:25", "description": "## Summary\n\nJazz Reporting Service is shipped as a component of Rational Insight. Information about security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-8745](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119642> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2017-5647](<https://vulners.com/cve/CVE-2017-5647>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124400> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2017-5648](<https://vulners.com/cve/CVE-2017-5648>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124399> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [CVE-2017-5664](<https://vulners.com/cve/CVE-2017-5664>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126962> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Jazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Jazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\nConsult the security bulletin [Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service](<http://www-01.ibm.com/support/docview.wss?uid=swg22005873>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:22:46", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5664"], "modified": "2018-06-17T05:22:46", "id": "93F376A33DAF2CAA98CBF6E0EBE1D85CAFA8457254A8255841887F4BAE5738F6", "href": "https://www.ibm.com/support/pages/node/564559", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:48:24", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-8745](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119642> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2017-5647](<https://vulners.com/cve/CVE-2017-5647>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124400> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2017-5648](<https://vulners.com/cve/CVE-2017-5648>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124399> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [CVE-2017-5664](<https://vulners.com/cve/CVE-2017-5664>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126962> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\nConsult the security bulletin [Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology](<http://www-01.ibm.com/support/docview.wss?uid=swg21999760>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:22:45", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5664"], "modified": "2018-06-17T05:22:45", "id": "D12D4BA37401CEB11895561D471A9AE3CA7EAB842BCDE04258D6F9B744444396", "href": "https://www.ibm.com/support/pages/node/564555", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:49:25", "description": "## Summary\n\nJazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence (RRDI). Information about security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-8745](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119642> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2017-5647](<https://vulners.com/cve/CVE-2017-5647>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124400> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2017-5648](<https://vulners.com/cve/CVE-2017-5648>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124399> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [CVE-2017-5664](<https://vulners.com/cve/CVE-2017-5664>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126962> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 5.0, 5.0.1 and 5.0.2| Jazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\nConsult the security bulletin [Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service ](<http://www-01.ibm.com/support/docview.wss?uid=swg22005873>)for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:22:45", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5664"], "modified": "2018-06-17T05:22:45", "id": "42AE91380DCB3B179D17D9079FE0F75521810DC3E151069826D9442130A7A4DC", "href": "https://www.ibm.com/support/pages/node/564557", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:45:51", "description": "## Summary\n\nPrevious releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. \n\n## Vulnerability Details\n\n[CVE-ID: CVE-2017-5647](<https://vulners.com/cve/CVE-2017-5647>) \nDescription: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139475_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n[CVE-ID: CVE-2017-5650](<https://vulners.com/cve/CVE-2017-5650>) \nDescription: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139476_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAll fixpacks of IBM UrbanCode Deploy 6.1 - 6.1.3.6 and IBM UrbanCode Deploy 6.2 - 6.2.4.0 are affected.\n\n## Remediation/Fixes\n\nUpgrade to [IBM UrbanCode Deploy 6.2.4.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.2.4.0&platform=All&function=all>) or later. If it is not possible to upgrade to 6.2.4.1, upgrade to [IBM UrbanCode Deploy 6.1.3.7](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3&platform=All&function=all>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-15T21:55:01", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2017-5647, CVE-2017-5650)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5650"], "modified": "2018-11-15T21:55:01", "id": "DE6681F3E96F25F91AC2E2C017B6397791F3FF0C0012BA1B09E3DF70C14557D2", "href": "https://www.ibm.com/support/pages/node/619447", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:25", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to obtain sensitive information, or allow a remote attacker to bypass security restrictions.\n\n## Vulnerability Details\n\nCVE-ID: CVE-2017-5647 \nDescription: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \nCVE-ID: CVE-2017-5648 \nDescription: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124399_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124399>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM Algo One Core 4.9, 5.0\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nAlgo One Core| 490-232| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&amp;product=ibm/Information+Management/Algo+One&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=4.9.0.0-Algo-One-AlgoCore-if0232:0&amp;includeSupersedes=0&amp;source=fc&amp;login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.0.0-Algo-One-AlgoCore-if0232:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One Core| 500-378| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&amp;product=ibm/Information+Management/Algo+One&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=5.0.0.0-Algo-One-AlgoCore-if0378:0&amp;includeSupersedes=0&amp;source=fc&amp;login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-AlgoCore-if0378:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-15T23:48:10", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Core", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2018-06-15T23:48:10", "id": "B38CC41D14408E3A9CA8CDF7A847F854B44445C246B3F7642F746F0F82E60651", "href": "https://www.ibm.com/support/pages/node/297121", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:44:44", "description": "## Summary\n\nMultiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5648_](<https://vulners.com/cve/CVE-2017-5648>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124399_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124399>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2017-5647_](<https://vulners.com/cve/CVE-2017-5647>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nTADDM 7.2.2.0 - 7.2.2.5 \nTADDM 7.3.0.0 (TADDM 7.3.0.1-3 - not affected - using WebSphere Liberty Profile) \n\n## Remediation/Fixes\n\nThere are eFixes prepared on top of the latest released FixPack for each stream: \n\n**Fix**| **VRMF**| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_TADDM73_tomcat7077_201411291020_1.zip| 7.3.0.0| None| [_Download eFix_](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_TADDM73_tomcat7077_201411291020_1.zip>) \nefix_TADDM722_tomcat7077_FP520160209.zip| 7.2.2.5 \n| None| [_Download eFix_](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_TADDM722_tomcat7077_FP520160209.zip>) \n \nPlease get familiar with eFix readme in etc/&lt;efix_name&gt;_readme.txt \nNote that the eFix requires manual deletion of the external/apache-tomcat directory. \n\n## Workarounds and Mitigations\n\nThe solution is to upgrade TADDM to use Tomcat version 7.0.77 \n \neFixes are prepared on top of the latest FixPack release, but if there were any custom changes made in a previous version of Apache Tomcat, please reapply them after the upgrade is finished.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T15:40:29", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-5648, CVE-2017-5647)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2018-06-17T15:40:29", "id": "7C5AE0ABE3DD2F1108DD6FF463EF32BB7DC664CA2965E84227C3A1DA4A214E45", "href": "https://www.ibm.com/support/pages/node/560725", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:38:40", "description": "## Summary\n\nWebSphere Message Broker and IBM Integraton Bus have addressed the following vulnerabilities\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2017-12617_](<https://vulners.com/cve/CVE-2017-12617>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132484_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132484>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2017-12615_](<https://vulners.com/cve/CVE-2017-12615>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132277_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132277>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Integration Bus V9.0.0.0 - V9.0.0.9 \n\nIBM Integration Bus V10.0.0.0 - V10.0.0.10.\n\nWebSphere Message Broker V7.0.0.0 - V7.0.0.8\n\nWebSphere Message Broker V8.0.0.0 - V8.0.0.9\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Bus| V9.0.0.0 - V9.0.0.9| IT22679| The APAR is available in fix pack 9.0.0.10 \n**_<http://www-01.ibm.com/support/docview.wss?uid=swg24044363>_** \nIBM Integration Bus| V10.0.0.0 - V10.0.0.10| IT22679 | The APAR is available in fix pack 10.0.0.11 \n**_<http://www-01.ibm.com/support/docview.wss?uid=swg24044326>_** \nWebSphere Message Broker| V7.0.0.0 - V7.0.0.8| IT22679| For APAR IT22679, please contact IBM support \nWebSphere Message Broker| V8.0.0.0 - V8.0.0.9| IT22679| For APAR IT22679, please contact IBM support \n \n_Websphere Message Broker V7 and V8 is no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._ If you are an extended support customer and require a fix, this is available only for the latest fixpack (8.0.0.9) and (7.0.0.8). To obtain the fix contact IBM support. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: WebSphere Message Broker and IBM Integration Bus is affected by Open Source Apache Tomcat Vulnerabilities (CVE-2017-12617,CVE-2017-12615)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2020-03-23T20:41:52", "id": "871A0564F000103EC07D1B9BC7B1DDE1427FEC3072CD636B9A5B83EE698D007E", "href": "https://www.ibm.com/support/pages/node/301139", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:20", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in Apache Tomcat.\n\n## Vulnerability Details\n\n \n**CVE-ID:** [CVE-2018-1323](<https://vulners.com/cve/CVE-2018-1323>) \n**Description:** Apache Tomcat JK ISAPI Connector could allow a remote attacker to obtain sensitive information, caused by the improper handling of HTTP request paths in jk_isapi_plugin.c. An attacker could exploit this vulnerability using the reverse proxy to expose application resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140213_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140213>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVE-ID**: [CVE-2018-1305](<https://vulners.com/cve/CVE-2018-1305>) \n**Description**: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139475_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVE-ID**: [CVE-2018-1304](<https://vulners.com/cve/CVE-2018-1304>) \n**Description**: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139476_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVE-ID**: [CVE-2017-15706](<https://vulners.com/cve/CVE-2017-15706>) \n**Description**: Apache _Tomcat_ could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the CGI _Servlet_ to identify which script to execute. The error resulted in the failure of some scripts to execute as expected and other scripts may have been executed unexpectedly. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138486_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138486>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2017-12617_](<https://vulners.com/cve/CVE-2017-12617>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132484_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132484>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2017-12616_](<https://vulners.com/cve/CVE-2017-12616>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when using VirtualDirContext. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security constraints and view the source code of JSPs for resources. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132276_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132276>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2017-12615_](<https://vulners.com/cve/CVE-2017-12615>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error when running on Windows with HTTP PUTs enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132277_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132277>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform version 7.1\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Fix**| **Download URL** \n---|--- \nFor OpenPages GRC Platform **7.1.0.4** \n\\- Apply 7.1.0.4 Interim Fix 1 or later| [http://www.ibm.com/support/docview.wss?uid=swg24044731](<http://www-01.ibm.com/support/docview.wss?uid=swg24044731>) \n \nFor OpenPages GRC Platform v7.0.x customers, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n \n\n\n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:49:25", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12616", "CVE-2017-12617", "CVE-2017-15706", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1323"], "modified": "2018-06-15T23:49:25", "id": "D41C12FBC700B1C1A9A83784082394BE3AA1A560141066160B2FD4DDF6C14DD4", "href": "https://www.ibm.com/support/pages/node/300911", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:35", "description": "## Summary\n\nThe Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996898>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:19:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:19:05", "id": "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "href": "https://www.ibm.com/support/pages/node/289763", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:34", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\n \nConsult the security bulletin [Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology](<https://www-01.ibm.com/support/docview.wss?uid=swg21997084>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:18:54", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:18:54", "id": "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "href": "https://www.ibm.com/support/pages/node/289075", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:21", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to bypass security restrictions\n\n## Vulnerability Details\n\n**CVE-ID: CVE-2017-5647 \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVE-ID: CVE-2017-5648 \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124399_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124399>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVE-ID: CVE-2017-5664 \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126962_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126962>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2017-7674_](<https://vulners.com/cve/CVE-2017-7674>)** \nDESCRIPTION:** Apache Tomcat could provide weaker than expected security, caused by the failure to add an HTTP Vary header indicating that the response varies depending on Origin by the CORS Filter. A remote attacker could exploit this vulnerability to conduct client and server side cache poisoning. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/130248_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130248>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2017-7675_](<https://vulners.com/cve/CVE-2017-7675>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a flaw in the HTTP/2 implementation. By using a specially-crafted URL, an attacker could exploit this vulnerability to bypass security restraints. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/130247_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130247>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAlgo One - Counterparty Credit Risk 5.0.0, 5.1.0\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nAlgo One - Counterparty Credit Risk| 500-384| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&amp;product=ibm/Information+Management/Algo+One&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=5.0.0.0-Algo-One-RTCE-RHEL-SOLX-if0384:0&amp;includeSupersedes=0&amp;source=fc&amp;login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-RTCE-RHEL-SOLX-if0384:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One - Counterparty Credit Risk| 510-297| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&amp;product=ibm/Information+Management/Algo+One&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=5.1.0.0-Algo-One-RTCE-RHEL-if0297:0&amp;includeSupersedes=0&amp;source=fc&amp;login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-Algo-One-RTCE-RHEL-if0297:0&includeSupersedes=0&source=fc&login=true>) \n \n## Workarounds and Mitigations\n\nInstall Apache Tomcat v7.0.79.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-15T23:48:53", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5664", "CVE-2017-7674", "CVE-2017-7675"], "modified": "2018-06-15T23:48:53", "id": "A9AB1978143F5EFD96539CC8EEDCDEAFE5ADC2636A91FD3B18CE75E08D1A2E03", "href": "https://www.ibm.com/support/pages/node/299505", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-12T18:18:27", "description": "## Summary\n\nThe Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rhapsody Design Manager (Rhapsody DM), Rational Software Architect Design Manager (RSA DM), Rational Team Concert (RTC), and Rational Quality Manager (RQM).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 4.0 - 6.0.3 \n \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.3 \n \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.3 \n \nRational DOORS Next Generation 4.0.1 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.3 \n \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.3 \n \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.3 \n \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\nIn order to get all the available security updates, upgrade your products to version **4.0.7** or **5.0.2** or **6.0.2** or **6.0.3**, apply the latest ifix, and then perform the following upgrade: \n\n\n * The fixes are in Apache Tomcat version 7.0.73 or later. Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation.\n \n**Note:** If you cannot upgrade to 4.0.7 or 5.0.2 or 6.0.2 or 6.0.3, contact [IBM support](<https://www.ibm.com/support/servicerequest>) for guidance. \n. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-04-28T18:35:50", "id": "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "href": "https://www.ibm.com/support/pages/node/289331", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:22", "description": "## Summary\n\nThere are vulnerabilities (CVE-2016-8735, CVE-2016-6816) reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron has remediated the affected versions.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0 \nWebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2 \nWebSphere Cast Iron v 6.4.0.0, 6.4.0.1 \nWebSphere Cast Iron v 6.3.0.0, 6.3.0.1, 6.3.0.1\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.0.0 \n7.5.0.1 \n7.5.1.0| LI79413| [7.5.1.0-CUMUIFIX-006](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.scrypt2,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.vcrypt2,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.32bit.sc-linux,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.sc-linux,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.32bit.sc-win,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.sc-win,7.5.1.0-WS-WCI-20170111-2346_H7_64-CUMUIFIX-006.32bit.studio,7.5.1.0-WS-WCI-20170111-2346_H7_64-CUMUIFIX-006.studio,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.docker&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.0 \n7.0.0.1 \n7.0.0.2| LI79413| [7.0.0.2-CUMUIFIX-034](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.scrypt2,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.vcrypt2,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.32bit.sc-linux,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.32bit.sc-win,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.sc-linux,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.sc-win,7.0.0.2-WS-WCI-20170224-0641_H9_64-CUMUIFIX-034.32bit.studio,7.0.0.2-WS-WCI-20170224-0641_H9_64-CUMUIFIX-034.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.0 \n6.4.0.1| LI79413| [6.4.0.1-CUMUIFIX-043](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20170125-1122_H3-CUMUIFIX-043.scrypt2,6.4.0.1-WS-WCI-20170125-1122_H3-CUMUIFIX-043.vcrypt2,6.4.0.1-WS-WCI-20170125-1213_H5-CUMUIFIX-043.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.0 \n6.3.0.1 \n6.3.0.2| LI79413| [6.3.0.2-CUMUIFIX-024](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20170125-1126_H4-CUMUIFIX-024.scrypt2,6.3.0.2-WS-WCI-20170125-1126_H4-CUMUIFIX-024.vcrypt2,6.3.0.2-WS-WCI-20170125-1127_H5-CUMUIFIX-024.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2016-8735, CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-11-18T13:57:34", "id": "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "href": "https://www.ibm.com/support/pages/node/292627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:32", "description": "## Summary\n\nThe Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996898>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:19:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:19:05", "id": "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "href": "https://www.ibm.com/support/pages/node/289765", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T17:45:51", "description": "## Summary\n\nMultiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:**[ CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See[ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM UrbanCode Release 6.2.0.0 - 6.2.1.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM UrbanCode Release| 6.2.0.0 \n6.2.1.0 \n6.2.1.1 \n6.2.1.2| [6.2.1.3](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/UrbanCode+Release&release=6.2.1.0&platform=All&function=fixId&fixids=6.2.1.3-UrbanCode-Release&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T22:33:29", "id": "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "href": "https://www.ibm.com/support/pages/node/599281", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-14T17:53:40", "description": "## Summary\n\nThe Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect Design Manager (RSA DM).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-6056_](<https://vulners.com/cve/CVE-2017-6056>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A remote attacker could exploit this vulnerability to cause the server to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID:** [_CVE-2016-8745_](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119642_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119642>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-5647_](<https://vulners.com/cve/CVE-2017-5647>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2017-5648_](<https://vulners.com/cve/CVE-2017-5648>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124399_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124399>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n** ** \n**CVEID:** [_CVE-2017-5664_](<https://vulners.com/cve/CVE-2017-5664>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126962_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126962>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 3.0.1 - 6.0.4 \n \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.4 \n \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.4 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.4 \n \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.4 \n \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.4 \n \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n \n**Step 1**. \nApply the lates ifix to your installed product version: \n \nFor the 6.0 - 6.0.3 releases, upgrade to version 6.0.3 iFix5 or later \n\n * [_Rational Collaborative Lifecycle Management 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n * [_Rational Team Concert 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=6.0.3&platform=All&function=all>)\n * [_Rational Quality Manager 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=6.0.3&platform=All&function=all>)\n * [_Rational DOORS Next Generation 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.3&platform=All&function=all>)[](<https://jazz.net/downloads/design-management/releases/5.0>)[](<https://jazz.net/downloads/design-management/releases/5.0>)\n * Rational Software Architect Design Manager:_ _Upgrade to version 6.0.3 and install server from [_CLM 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n * Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.3 and install server from [_CLM 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.3 and install server from [_CLM 6.0.3 iFix5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n \nFor the 6.0 - 6.0.2 releases, upgrade to version 6.0.2 iFix11 or later \n\n * [_Rational Collaborative Lifecycle Management 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * [_Rational Team Concert 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=6.0.2&platform=All&function=all>)\n * [_Rational Quality Manager 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=6.0.2&platform=All&function=all>)\n * [_Rational DOORS Next Generation 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.2&platform=All&function=all>)[](<https://jazz.net/downloads/design-management/releases/5.0>)[](<https://jazz.net/downloads/design-management/releases/5.0>)\n * Rational Software Architect Design Manager:_ _Upgrade to version 6.0.2 and install server from [_CLM 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.2 and install server from [_CLM 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.2 and install server from [_CLM 6.0.2 iFix11_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases, upgrade to version 5.0.2 iFix22 or later \n * [_Rational Collaborative Lifecycle Management 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n * [_Rational Team Concert 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=5.0.2&platform=All&function=all>)\n * [_Rational Quality Manager 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=5.0.2&platform=All&function=all>)\n * [_Rational DOORS Next Generation 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=5.0.2&platform=All&function=all>)[](<https://jazz.net/downloads/design-management/releases/5.0>)[](<https://jazz.net/downloads/design-management/releases/5.0>)\n * Rational Software Architect Design Manager:_ _Upgrade to version 5.0.2 and install server from [_CLM 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n * Rational Rhapsody Design Manager:_ _Upgrade to version 5.0.2 and install server from [_CLM 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager:_ _Upgrade to version 5.0.2 and install server from [_CLM 5.0.2 iFix22_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n_ \n_For the 4.x releases, upgrade to version 4.0.7 iFix14 or later \n\n * [_Rational Collaborative Lifecycle Management 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n * [_Rational Team Concert 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=4.0.7&platform=All&function=all>)\n * [_Rational Quality Manager 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FRational&product=ibm/Rational/Rational+Quality+Manager&release=4.0.7&platform=All&function=all>)\n * [_Rational DOORS Next Generation/Requirements Composer 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=4.0.7&platform=All&function=all>)\n * Rational Software Architect Design Manager: _ _Upgrade to version 4.0.7 and install server from [_CLM 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n * Rational Rhapsody Design Manager: Upgrade to version 4.0.7 and install server from [_CLM 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager: Upgrade to version 4.0.7 and install server from [_CLM 4.0.7 iFix14_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n \n**Step 2: ** \nUpgrade your Apache Tomcat to **version 7.0.78 or later**. Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation. \n \nFor any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n \nIf the iFix is not found in the Fix Portal please contact IBM Support. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5664", "CVE-2017-6056"], "modified": "2021-04-28T18:35:50", "id": "29DBB9F1E2675C7D11CD51CF8077BB360E608001AE72FD3BD0BEA1D3E8553096", "href": "https://www.ibm.com/support/pages/node/293405", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:51:17", "description": "## Summary\n\nSome versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-1305_](<https://vulners.com/cve/CVE-2018-1305>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139475_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-1304_](<https://vulners.com/cve/CVE-2018-1304>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139476_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n## Affected Products and Versions\n\nRational DOORS Web Access: 9.5.1 - 9.5.1.9 \nRational DOORS Web Access: 9.5.2 - 9.5.2.8 \nRational DOORS Web Access: 9.6.0 - 9.6.0.7 \nRational DOORS Web Access: 9.6.1 - 9.6.1.10\n\n## Remediation/Fixes\n\nUpgrade to the version of Apache Tomcat shown in the table below. You can upgrade Apache Tomcat after installing Rational DOORS Web Access. \n\nThe following table presents Rational DOORS Web Access versions and the released versions of Apache Tomcat.\n\n**Rational DOORS Web Access**| **Apache Tomcat** \n---|--- \n9.5.1 - 9.5.1.9| [7.0.85](<http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.85/bin>) \n9.5.2 - 9.5.2.8| [7.0.85](<http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.85/bin>) \n9.6.0 - 9.6.0.7| [7.0.85](<http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.85/bin>) \n9.6.1 - 9.6.1.10| [7.0.85](<http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.85/bin>) \n_For versions of Rational DOORS Web Access that are earlier than version 9.5.1.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**Procedure:**\n\n 1. Download the required version of Apache Tomcat or later core zip file from the Apache or [Tomcat 7](<http://archive.apache.org/dist/tomcat/tomcat-7/>) Archive download site. For example: \napache-tomcat-7.0.85-windows-x64.zip \napache-tomcat-7.0.85-windows-x86.zip \napache-tomcat-7.0.85.tar.gz \n \n\n 2. Go to the Rational DOORS Web Access installation directory. \nFor example: \nC:\\Program Files\\IBM\\Rational\\DOORS Web Access\\9.version \n \n\n 3. Rename the **server** directory to **server.orig**. \n \n\n 4. Extract the downloaded Apache Tomcat core compressed file to **./server** in the Rational DOORS Web Access installation directory. \n \n\n 5. Delete the contents of the **./server/webapps** folder \n \n\n 6. Copy the following jar files from your **./server.orig/lib** directory to **./server/lib \n**commons-logging-1.1.x.jar \ndwa-catalina.jar \nlog4j-1.2.x.jar \nlog4j.properties \n \n\n 7. Remove the following jar files from the **./server/lib** directory \ntomcat7-websocket.jar \nwebsocket-api.jar \n \n\n 8. Copy your **./server.orig/festival** directory to **./server/festival**. \n \n\n 9. Copy the **./server.orig/conf/server.xml** file to **./server/conf/server.xml**. \n \n\n 10. Copy **./server.orig/webapps/*.war** to **./server/webapps**. \n \n\n 11. **Optional**: Copy any customized files from the **./server.orig** directory to **./server**. \n \n\n 12. **UNIX systems only:** Run the **./configure-festival.sh** command, as described in the help topic [Installing the web access server and the web access broker on Linux or Solaris systems](<https://www-01.ibm.com/support/knowledgecenter/SSYQBZ_9.6.0/com.ibm.rational.dwa.install.doc/topics/t_instdwasandbunix.html>). \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-22T03:56:40", "type": "ibm", "title": "Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2018-06-22T03:56:40", "id": "9534FBA81D419F5E2702A5D0AC49A1619BA42EF0BDEAE97E0E5F96F56CE93084", "href": "https://www.ibm.com/support/pages/node/712175", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:44:37", "description": "## Summary\n\nPublic disclosed vulnerability from Apache Tomcat \n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2018-1305](<https://vulners.com/cve/CVE-2018-1305>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139475> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID: ** [CVE-2018-1304](<https://vulners.com/cve/CVE-2018-1304>)\n\n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139476> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nQRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180720020816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-06T22:45:01", "type": "ibm", "title": "Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2019-02-06T22:45:01", "id": "22F280C87C2DA326587B77F5C04302AF74B311DC98D205B86DBBD55637C36897", "href": "https://www.ibm.com/support/pages/node/719117", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:41:31", "description": "## Summary\n\nApache Tomcat has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. \n\n## Vulnerability Details\n\n \n\n * This section includes the vulnerability details that affects the Rational Build Forge. \n\n**CVEID:** [_CVE-2018-1304_](<https://vulners.com/cve/CVE-2018-1304>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \n**CVSS Base Score**: 7.5 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139476> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-1305_](<https://vulners.com/cve/CVE-2018-1305>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \n**CVSS Base Score**: 7.5 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139475> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Rational Build Forge from 8.0.0.7.\n\n## Remediation/Fixes\n\nYou must download the Fix pack specified in the following table and apply it.\n\n * **Affected Supporting Product**\n| \n\n * **Remediation/Fix ** \n---|--- \n \n * IBM Rational Build Forge 8.0.0.7\n| Rational Build Forge 8.0.0.8 [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.8&source=SAR>). \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T14:40:53", "type": "ibm", "title": "Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat (CVE-2018-1304 and CVE-2018-1305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2020-04-20T14:40:53", "id": "EA8553DAFF0C61751BCA11FBF65DA7AD70FBACC18027B10070942936A64799A5", "href": "https://www.ibm.com/support/pages/node/711845", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:46:25", "description": "## Summary\n\nPrevious releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. \n\n## Vulnerability Details\n\n[CVE-ID: CVE-2018-1305](<https://vulners.com/cve/CVE-2018-1305>) \nDescription: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139475_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n[CVE-ID: CVE-2018-1304](<https://vulners.com/cve/CVE-2018-1304>) \nDescription: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139476_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAll fixpacks of IBM UrbanCode Deploy 6.1 - 6.1.3.7 and 6.2 - 6.2.7.2 are affected.\n\n## Remediation/Fixes\n\nUpgrade to [IBM UrbanCode Deploy 6.2.7.3](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.2.7.0&platform=All&function=all>) or later, or upgrade to [IBM UrbanCode Deploy 6.1.3.8](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3.7&platform=All&function=all>) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-25T20:45:01", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-1304, CVE-2018-1305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2018-10-25T20:45:01", "id": "3015D00A660A14DB8D44C42453895C066801E53B92123B25E2BB785356D6C003", "href": "https://www.ibm.com/support/pages/node/715491", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-12T21:34:15", "description": "## Summary\n\nThere are vulnerabilities in Apache Tomcat to which the IBM\u00ae FlashSystem\u2122 V840 is susceptible. An exploit of these vulnerabilities (CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796) could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop, or bypass a configured SecurityManager\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>) \n**DESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Products and Versions of FlashSystem V840\u2019s two node types \n** \n_Storage Node_ \n\u00b7 Machine Type Models (MTMs) affected include 9846-AE1 and 9848-AE1 \n\u00b7 Code versions affected include supported VRMFs: \no 1.4.0.0 \u2013 1.4.5.1 \no 1.3.0.0 \u2013 1.3.0.6 \n \n_Controller Node _ \n\u00b7 MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1 \n\u00b7 Code versions affected include supported VRMFs: \no 7.7.0.0 \u2013 7.7.1.5 \no 7.8.0.0 \u2013 7.8.0.1\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 &amp; \n9848-AE1 \n \n**Controller nodes:** \n9846-AC0, \n9846-AC1, \n9848-AC0, &amp; \n9848-AC1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Storage Node VRMF __ \n_1.4 stream: 1.4.6.0 _ \n_1.3 stream: 1.3.0.7_ \n \n__Controller Node VRMF __ \n_7.7 stream: 7.7.1.6_ \n_7.8 stream: 7.8.0.2_| _ __N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:32:46", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2018-06-18T00:32:46", "id": "83949293D531C3BC38D05B8E11F73860AE63D675A7ACD0FBACD46879F7DFA117", "href": "https://www.ibm.com/support/pages/node/697161", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:08:37", "description": "## Summary\n\nThere are vulnerabilities in Apache Tomcat to which the IBM\u00ae FlashSystem\u2122 840 and FlashSystem\u2122 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796) could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop, or bypass a configured SecurityManager, \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>) \n**DESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nFlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1. \n \nFlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2. \n \nCode versions affected include supported VRMFs: \n\u00b7 1.4.0.0 \u2013 1.4.5.0 \n\u00b7 1.3.0.0 \u2013 1.3.0.6\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 &amp; \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 &amp; \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___ Fixed code VRMF .__ \n_1.4 stream: 1.4.6.0 _ \n_1.3 stream: 1.3.0.7_| _ __N/A_| [**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2023-02-18T01:45:50", "id": "85F4F9ABC26A141EA4CBD424EA8C33FAF00DCF970AA42D90F5EC572561A224B5", "href": "https://www.ibm.com/support/pages/node/697159", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:15", "description": "## Summary\n\nIBM WebSphere Cast Iron Solution has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5664_](<https://vulners.com/cve/CVE-2017-5664>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of specific HTTP request methods for static error pages by the Default Servlet error page mechanism. By sending a specially crafted GET request, an attacker could exploit this vulnerability to bypass HTTP method restrictions and cause the deletion or replacement of the target error page. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126962_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126962>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2017-5647_](<https://vulners.com/cve/CVE-2017-5647>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1305_](<https://vulners.com/cve/CVE-2018-1305>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139475_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-1304_](<https://vulners.com/cve/CVE-2018-1304>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139476_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n \n**CVEID:** [_CVE-2017-15706_](<https://vulners.com/cve/CVE-2017-15706>) \n**DESCRIPTION:** Apache Tomcat could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the CGI Servlet to identify which script to execute. The error resulted in the failure of some scripts to execute as expected and other scripts may have been executed unexpectedly. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138486_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138486>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2017-15698_](<https://vulners.com/cve/CVE-2017-15698>) \n**DESCRIPTION:** Apache Tomcat Native Connector could allow a remote attacker to bypass security restrictions, caused by the improper handling of fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. The parsing error resulted in the OCSP check being omitted and made it possible for client certificates that should have been rejected to be accepted. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138491_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138491>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n**CVEID:** [_CVE-2017-12616_](<https://vulners.com/cve/CVE-2017-12616>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when using VirtualDirContext. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security constraints and view the source code of JSPs for resources. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132276_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132276>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2017-7674_](<https://vulners.com/cve/CVE-2017-7674>) \n**DESCRIPTION:** Apache Tomcat could provide weaker than expected security, caused by the failure to add an HTTP Vary header indicating that the response varies depending on Origin by the CORS Filter. A remote attacker could exploit this vulnerability to conduct client and server side cache poisoning. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/130248_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130248>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2017-7675_](<https://vulners.com/cve/CVE-2017-7675>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a flaw in the HTTP/2 implementation. By using a specially-crafted URL, an attacker could exploit this vulnerability to bypass security restraints. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/130247_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130247>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.1.0, 7.5.0.1, 7.5.0.0 \nWebSphere Cast Iron v 7.0.0.2, 7.0.0.1, 7.0.0.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance | 7.5.1.0 \n7.5.0.1 \n7.5.0.0 | LI80087 | [7.5.1.0-CUMUIFIX-021](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.scrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.vcrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.docker,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.32bit.studio,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.studio&includeSupersedes=0>) \nCast Iron Appliance | 7.0.0.2 \n7.0.0.1 \n7.0.0.0 | LI80087 | [7.0.0.2-CUMUIFIX-041](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.scrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.vcrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-win,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-win,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.32bit.studio,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-06T14:27:56", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12616", "CVE-2017-15698", "CVE-2017-15706", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-7674", "CVE-2017-7675", "CVE-2018-1304", "CVE-2018-1305"], "modified": "2018-08-06T14:27:56", "id": "CB650C098E7F975732842DF3BA263EE87E1FC1874100FCC105AB0C9D8AA03627", "href": "https://www.ibm.com/support/pages/node/571901", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T06:15:20", "description": "## Summary\n\nApache Tomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nPower HMC V7.9.0.0 \nPower HMC V8.8.2.0 \nPower HMC V8.8.3.0 \nPower HMC V8.8.4.0 \nPower HMC V8.8.5.0 \nPower HMC V8.8.6.0\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.9.0 SP3\n\n| \n\nMB04061\n\n| \n\n[MH01677](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V7R7.9.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.2.0 SP3\n\n| \n\nMB04062\n\n| \n\n[MH01678](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.2.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.3.0 SP3\n\n| \n\nMB04063\n\n| \n\n[ MH01679](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.3.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.4.0 SP2\n\n| \n\nMB04064\n\n| \n\n[ MH01680](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.4.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.5.0 SP1\n\n| \n\nMB04065\n\n| \n\n[MH01681](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.5.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.6.0\n\n| \n\nMB04060\n\n| \n\n[MH01674](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.6.0&platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2021-09-23T01:31:39", "id": "70549CC4BB1FA3369F5BC1EF01770F5CF2D9642AA2B34DE63805694D06A895CC", "href": "https://www.ibm.com/support/pages/node/667781", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-27T19:54:29", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: tomcat-8.0.43-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2017-04-27T19:54:29", "id": "FEDORA:399E16057156", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MH6YITI2EQ6PN6ZLTVF5FDYA2OQFC4OY/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-27T20:56:01", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: tomcat-8.0.43-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2017-04-27T20:56:01", "id": "FEDORA:361D5605D56D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z75Q7V5QGBTLPUJXMQOEALW3YGSUYGIM/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-27T20:51:20", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: tomcat-8.0.43-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2017-04-27T20:51:20", "id": "FEDORA:3F80D6061813", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IFD6FCTODZNDNPMDRN3BOUCMQ6PJTROS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-15T01:21:03", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: tomcat-8.0.39-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2016-12-15T01:21:03", "id": "FEDORA:1DA54604D2A3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PENNFBRKLWKJB57BLHAVVE7N7SNJZAAG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-14T22:57:34", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: tomcat-8.0.39-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2016-12-14T22:57:34", "id": "FEDORA:8CEB2616D980", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UF4TZRB2ZZISKBSEVHSMDJFYA36MOY2B/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-14T21:31:31", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: tomcat-8.0.39-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2016-12-14T21:31:31", "id": "FEDORA:125286087B00", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GROU4JPVEOMXRKCZLSWVE36HA3PSXAEP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-11T15:47:39", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: tomcat-8.0.47-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2017-11-11T15:47:39", "id": "FEDORA:E150A6395ADF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N55R66XGBTPQ3X4NTIVLL4DHL5B3TBGW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-11T13:50:22", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: tomcat-8.0.47-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2017-11-11T13:50:22", "id": "FEDORA:A7FE360648D0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2NCUCSCNGO7SFD5TJDGN6PGC76SM5HGP/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-10T15:18:40", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: tomcat-8.0.47-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2017-11-10T15:18:40", "id": "FEDORA:DB25A6083B5B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O4QP22MKTOAEPRDJ7B7OHHKBITJ4TY53/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-04T16:47:53", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: tomcat-8.0.50-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2018-04-04T16:47:53", "id": "FEDORA:91D5F606E7CE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZE4E4RECANPGPYCTGUTJMU3HVA5EGUZD/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-04T17:10:49", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: tomcat-8.0.50-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2018-04-04T17:10:49", "id": "FEDORA:0B919601CE4F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TZFDZ3ABATDDSHVCFU5VFYXUK6X5BGWZ/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2017-5261ba4605", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5651", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2017-5261ba4605\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872624\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:21 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2017-5261ba4605\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-5261ba4605\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6YITI2EQ6PN6ZLTVF5FDYA2OQFC4OY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.43~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2017-d5aa7c77d6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5651", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2017-d5aa7c77d6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872623\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:15 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2017-d5aa7c77d6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-d5aa7c77d6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFD6FCTODZNDNPMDRN3BOUCMQ6PJTROS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.43~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-9c33466fbb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-9c33466fbb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872150\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:12 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-9c33466fbb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENNFBRKLWKJB57BLHAVVE7N7SNJZAAG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-98cca07999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-98cca07999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872149\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:10 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-98cca07999\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GROU4JPVEOMXRKCZLSWVE36HA3PSXAEP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-a98c560116", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-a98c560116\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872157\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:04:55 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-a98c560116\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UF4TZRB2ZZISKBSEVHSMDJFYA36MOY2B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:26:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2017:1292-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851553", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851553\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-16 06:53:12 +0200 (Tue, 16 May 2017)\");\n script_cve_id(\"CVE-2016-8745\", \"CVE-2017-5647\", \"CVE-2017-5648\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2017:1292-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n - CVE-2017-5647 Pipelined requests could lead to information disclosure\n (bsc#1033448)\n\n - CVE-2017-5648 Untrusted application could retain listener leading to\n information disclosure (bsc#1033447)\n\n - CVE-2016-8745 shared Processor on Connector code could lead to\n information disclosure (bsc#1015119)\n\n This update was imported from the SUSE:SLE-12-SP1:Update and\n SUSE:SLE-12-SP2:Update update projects.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1292-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-02-20T18:46:41", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1262)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-5647", "CVE-2017-12617", "CVE-2017-7674"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171262", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1262\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\", \"CVE-2017-5647\", \"CVE-2017-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:02:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1262)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1262\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1262\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1262 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\nTwo vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\nA vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:55:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-30T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2017:3081-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-5647", "CVE-2017-12617", "CVE-2017-7674"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310812057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812057", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812057\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-10-30 09:22:55 +0100 (Mon, 30 Oct 2017)\");\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\", \"CVE-2017-5647\", \"CVE-2017-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2017:3081-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\n the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * A vulnerability was discovered in Tomcat's handling of pipelined requests\nwhen 'Sendfile' was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n * Two vulnerabilities were discovered in Tomcat where if a servlet context\nwas configured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615, CVE-2017-12617)\n\n * A vulnerability was discovered in Tomcat where the CORS Filter did not\nsend a 'Vary: Origin' HTTP header. This potentially allowed sensitive data\nto be leaked to other visitors through both client-side and server-side\ncaches. (CVE-2017-7674)\");\n script_tag(name:\"affected\", value:\"tomcat on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3081-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00040.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~3.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:54:36", "description": "Check the version of tomcat", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat CESA-2017:3081 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-5647", "CVE-2017-12617", "CVE-2017-7674"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882796", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882796\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 18:05:42 +0530 (Thu, 02 Nov 2017)\");\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\", \"CVE-2017-5647\", \"CVE-2017-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat CESA-2017:3081 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * A vulnerability was discovered in Tomcat's handling of pipelined requests\nwhen 'Sendfile' was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n * Two vulnerabilities were discovered in Tomcat where if a servlet context\nwas configured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615, CVE-2017-12617)\n\n * A vulnerability was discovered in Tomcat where the CORS Filter did not\nsend a 'Vary: Origin' HTTP header. This potentially allowed sensitive data\nto be leaked to other visitors through both client-side and server-side\ncaches. (CVE-2017-7674)\");\n script_tag(name:\"affected\", value:\"tomcat on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:3081\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022611.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~3.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:54:36", "description": "Check the version of tomcat6", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2017:3080 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-12617"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882795", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882795\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 18:05:35 +0530 (Thu, 02 Nov 2017)\");\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\", \"CVE-2017-5647\", \"CVE-2017-5664\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2017:3080 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * A vulnerability was discovered in Tomcat's handling of pipelined requests\nwhen 'Sendfile' was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n * A vulnerability was discovered in the error page mechanism in Tomcat's\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. (CVE-2017-5664)\n\n * Two vulnerabilities were discovered in Tomcat where if a servlet context\nwas configured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615, CVE-2017-12617)\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:3080\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022610.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~111.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:55:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-30T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2017:3080-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-12617"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310812058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812058", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812058\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-10-30 09:23:08 +0100 (Mon, 30 Oct 2017)\");\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\", \"CVE-2017-5647\", \"CVE-2017-5664\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2017:3080-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\n the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * A vulnerability was discovered in Tomcat's handling of pipelined requests\nwhen 'Sendfile' was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n * A vulnerability was discovered in the error page mechanism in Tomcat's\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. (CVE-2017-5664)\n\n * Two vulnerabilities were discovered in Tomcat where if a servlet context\nwas configured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615, CVE-2017-12617)\");\n script_tag(name:\"affected\", value:\"tomcat6 on\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3080-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~111.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~111.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~111.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~111.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~111.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:43:16", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-5647", "CVE-2017-12617", "CVE-2017-7674"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171261", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1261\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\", \"CVE-2017-5647\", \"CVE-2017-7674\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:02:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1261)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1261\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1261\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1261 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\nTwo vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\nA vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:42:36", "description": "This host is installed with Apache Tomcat\n and is prone to denial of service and information disclosure vulnerabilities.", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "openvas", "title": "Apache Tomcat DoS and Information Disclosure Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5651", "CVE-2017-5650"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810766", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_dos_n_info_disc_vuln_win.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat DoS and Information Disclosure Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810766\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2017-5650\", \"CVE-2017-5651\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-21 16:04:36 +0530 (Fri, 21 Apr 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat DoS and Information Disclosure Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to denial of service and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- The handling of an HTTP/2 GOAWAY frame for a connection did not close\n streams associated with that connection that were currently waiting for\n a WINDOW_UPDATE before allowing the application to write more data\n\n - The refactoring of the HTTP connectors for 8.5.x onwards, introduced a\n regression in the send file processing. If the send file processing\n completed quickly, it was possible for the Processor to be added to the\n processor cache twice.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to consume all available processing threads and obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M18 and\n Apache Tomcat versions 8.5.0 to 8.5.12 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M19, 8.5.13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[89]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.12\"))\n {\n fix = \"8.5.13\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M18\"))\n {\n fix = \"9.0.0.M19\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:36:39", "description": "This host is installed with Apache Tomcat\n and is prone to denial of service and information disclosure vulnerabilities.", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "openvas", "title": "Apache Tomcat DoS and Information Disclosure Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5651", "CVE-2017-5650"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810767", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810767", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_dos_n_info_disc_vuln_lin.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat DoS and Information Disclosure Vulnerabilities (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810767\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2017-5650\", \"CVE-2017-5651\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-21 16:12:24 +0530 (Fri, 21 Apr 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat DoS and Information Disclosure Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to denial of service and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- The handling of an HTTP/2 GOAWAY frame for a connection did not close\n streams associated with that connection that were currently waiting for\n a WINDOW_UPDATE before allowing the application to write more data\n\n - The refactoring of the HTTP connectors for 8.5.x onwards, introduced a\n regression in the send file processing. If the send file processing\n completed quickly, it was possible for the Processor to be added to the\n processor cache twice.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to consume all available processing threads and obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M18 and\n Apache Tomcat versions 8.5.0 to 8.5.12 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M19, 8.5.13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[89]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.12\"))\n {\n fix = \"8.5.13\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M18\"))\n {\n fix = \"9.0.0.M19\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:35", "description": "Two vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.\n\nCVE-2017-5647 \nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648 \nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3842-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703842", "href": "http://plugins.openvas.org/nasl.php?oid=703842", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3842.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3842-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703842);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_name(\"Debian Security Advisory DSA 3842-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-03 00:00:00 +0200 (Wed, 03 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3842.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)\nspecifications from Sun Microsystems, and provides a 'pure Java' HTTP web\nserver environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u10.\n\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Two vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.\n\nCVE-2017-5647 \nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648 \nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u10\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-01-29T20:08:01", "description": "Two security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2017-5647\nA bug in the handling of the pipelined requests when send file was\nused resulted in the pipelined request being lost when send file\nprocessing of the previous request completed. This could result in\nresponses appearing to be sent for the wrong request.\n\nCVE-2017-5648\nIt was noticed that some calls to application listeners did not use\nthe appropriate facade object. When running an untrusted application\nunder a SecurityManager, it was therefore possible for that\nuntrusted application to retain a reference to the request or\nresponse object and thereby access and/or modify information\nassociated with another web application.", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat7 (DLA-924-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890924", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890924\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_name(\"Debian LTS: Security Advisory for tomcat7 (DLA-924-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00043.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u12.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n\n script_tag(name:\"summary\", value:\"Two security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2017-5647\nA bug in the handling of the pipelined requests when send file was\nused resulted in the pipelined request being lost when send file\nprocessing of the previous request completed. This could result in\nresponses appearing to be sent for the wrong request.\n\nCVE-2017-5648\nIt was noticed that some calls to application listeners did not use\nthe appropriate facade object. When running an untrusted application\nunder a SecurityManager, it was therefore possible for that\nuntrusted application to retain a reference to the request or\nresponse object and thereby access and/or modify information\nassociated with another web application.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.28-4+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-24T12:57:35", "description": "Two vulnerabilities were discovered in tomcat8, a servlet and JSP\nengine.\n\nCVE-2017-5647 \nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648 \nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3843-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703843", "href": "http://plugins.openvas.org/nasl.php?oid=703843", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3843.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3843-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703843);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_name(\"Debian Security Advisory DSA 3843-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-03 00:00:00 +0200 (Wed, 03 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3843.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)\nspecifications from Oracle, and provides a 'pure Java' HTTP web\nserver environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u9.\n\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 8.5.11-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Two vulnerabilities were discovered in tomcat8, a servlet and JSP\nengine.\n\nCVE-2017-5647 \nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648 \nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.11-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:34:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2017-f499ee7b12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873711", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_f499ee7b12_tomcat_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for tomcat FEDORA-2017-f499ee7b12\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873711\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:09:37 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-12617\", \"CVE-2017-12615\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2017-f499ee7b12\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f499ee7b12\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N55R66XGBTPQ3X4NTIVLL4DHL5B3TBGW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.47~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:34", "description": "Two vulnerabilities were discovered in tomcat8, a servlet and JSP\nengine.\n\nCVE-2017-5647\nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648\nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3843-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703843", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3843.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3843-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703843\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_name(\"Debian Security Advisory DSA 3843-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 00:00:00 +0200 (Wed, 03 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3843.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u9.\n\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 8.5.11-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities were discovered in tomcat8, a servlet and JSP\nengine.\n\nCVE-2017-5647\nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648\nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.11-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-14T18:41:56", "description": "Check the version of tomcat", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat CESA-2017:0935 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882690", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882690\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 06:30:11 +0200 (Fri, 14 Apr 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat CESA-2017:0935 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0935\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-April/022384.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:36:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2017:0935-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871795", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871795\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:32:25 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2017:0935-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\n the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0935-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-April/msg00026.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2017-ef7c118dbc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873766", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_ef7c118dbc_tomcat_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for tomcat FEDORA-2017-ef7c118dbc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873766\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:14:42 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-12617\", \"CVE-2017-12615\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2017-ef7c118dbc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ef7c118dbc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4QP22MKTOAEPRDJ7B7OHHKBITJ4TY53\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.47~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:45:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171081", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1081\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1081\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1081 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:10", "description": "Two vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.\n\nCVE-2017-5647\nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648\nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3842-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703842", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3842.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3842-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703842\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_name(\"Debian Security Advisory DSA 3842-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 00:00:00 +0200 (Wed, 03 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3842.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u10.\n\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.\n\nCVE-2017-5647\nPipelined requests were processed incorrectly, which could result in\nsome responses appearing to be sent for the wrong request.\n\nCVE-2017-5648\nSome application listeners calls were issued against the wrong\nobjects, allowing untrusted applications running under a\nSecurityManager to bypass that protection mechanism and access or\nmodify information associated with other web applications.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-02-20T18:46:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171082", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1082\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1082)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1082\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1082\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1082 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:46:22", "description": "Check the version of tomcat6", "cvss3": {}, "published": "2017-03-18T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2017:0527 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882682", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882682\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 06:37:15 +0100 (Sat, 18 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2017:0527 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0527\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022342.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2017:0527-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871773", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871773\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 05:49:35 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2017:0527-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0527-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2018-50f0da5d38", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874329", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_50f0da5d38_tomcat_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for tomcat FEDORA-2018-50f0da5d38\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874329\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 10:09:02 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2018-1304\", \"CVE-2018-1305\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2018-50f0da5d38\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-50f0da5d38\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZFDZ3ABATDDSHVCFU5VFYXUK6X5BGWZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.50~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-25T12:05:25", "description": "This host is installed with Apache Tomcat\n and is prone to an multiple access bypass vulnerabilities.", "cvss3": {}, "published": "2018-02-26T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310812785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812785\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2018-1305\", \"CVE-2018-1304\");\n script_bugtraq_id(103144, 103170);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-26 18:10:55 +0530 (Mon, 26 Feb 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to an multiple access bypass vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The system does not properly enforce security constraints that defined by\n annotations of Servlets in certain cases, depending on the order that Servlets\n are loaded.\n\n - The URL pattern of '' (the empty string) which exactly maps to the context\n root was not correctly handled when used as part of a security constraint\n definition.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting these issues will allow\n remote attackers to bypass security constraints to access ostensibly restricted\n resources on the target system.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.4\n\n Apache Tomcat versions 8.5.0 to 8.5.27\n\n Apache Tomcat versions 8.0.0.RC1 to 8.0.49\n\n Apache Tomcat versions 7.0.0 to 7.0.84 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.5,\n 8.5.28, 8.0.50, 7.0.85 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos['version'];\npath = infos['location'];\n\nif(appVer =~ \"^8\\.5\")\n{\n if(version_in_range(version:appVer, test_version: \"8.5.0\", test_version2: \"8.5.27\")){\n fix = \"8.5.28\";\n }\n}\nelse if(appVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:appVer, test_version: \"7.0.0\", test_version2: \"7.0.84\")){\n fix = \"7.0.85\";\n }\n}\nelse if(appVer =~ \"^8\\.0\")\n{\n if((revcomp(a:appVer, b: \"8.0.0.RC1\") >= 0) && (revcomp(a:appVer, b: \"8.0.50\") < 0)){\n fix = \"8.0.50\";\n }\n}\nelse if(appVer =~ \"^9\\.0\")\n{\n if((revcomp(a:appVer, b: \"9.0.0.M1\") >= 0) && (revcomp(a:appVer, b: \"9.0.5\") < 0)){\n fix = \"9.0.5\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(port:tomPort, data: report);\n exit(0);\n}\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:07:15", "description": "Two security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2018-1304\nThe URL pattern of ", "cvss3": {}, "published": "2018-03-27T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat7 (DLA-1301-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891301", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891301\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-1304\", \"CVE-2018-1305\");\n script_name(\"Debian LTS: Security Advisory for tomcat7 (DLA-1301-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-27 00:00:00 +0200 (Tue, 27 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u18.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n\n script_tag(name:\"summary\", value:\"Two security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2018-1304\nThe URL pattern of '' (the empty string) which exactly maps to the\ncontext root was not correctly handled in Apache Tomcat when used\nas part of a security constraint definition. This caused the\nconstraint to be ignored. It was, therefore, possible for\nunauthorized users to gain access to web application resources that\nshould have been protected. Only security constraints with a URL\npattern of the empty string were affected.\n\nCVE-2018-1305\nSecurity constraints defined by annotations of Servlets in Apache\nTomcat were only applied once a Servlet had been loaded. Because\nsecurity constraints defined in this way apply to the URL pattern\nand any URLs below that point, it was possible - depending on the\norder Servlets were loaded - for some security constraints not to be\napplied. This could have exposed resources to users who were not\nauthorized to access them.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.28-4+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:09:29", "description": "Several security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2018-1304\nThe URL pattern of ", "cvss3": {}, "published": "2018-07-30T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat8 (DLA-1450-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891450", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891450\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-1304\", \"CVE-2018-1305\");\n script_name(\"Debian LTS: Security Advisory for tomcat8 (DLA-1450-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-30 00:00:00 +0200 (Mon, 30 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n8.0.14-1+deb8u12.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n\n script_tag(name:\"summary\", value:\"Several security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2018-1304\nThe URL pattern of '' (the empty string) which exactly maps to the\ncontext root was not correctly handled in Apache Tomcat when used as\npart of a security constraint definition. This caused the constraint\nto be ignored. It was, therefore, possible for unauthorized users to\ngain access to web application resources that should have been\nprotected. Only security constraints with a URL pattern of the empty\nstring were affected.\n\nCVE-2018-1305\nSecurity constraints defined by annotations of Servlets in Apache\nTomcat were only applied once a Servlet had been loaded. Because\nsecurity constraints defined in this way apply to the URL pattern\nand any URLs below that point, it was possible - depending on the\norder Servlets were loaded - for some security constraints not to be\napplied. This could have exposed resources to users who were not\nauthorized to access them.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-25T12:05:24", "description": "This host is installed with Apache Tomcat\n and is prone to an multiple access bypass vulnerabilities.", "cvss3": {}, "published": "2018-02-26T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310812784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812784\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2018-1305\", \"CVE-2018-1304\");\n script_bugtraq_id(103144, 103170);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-26 18:10:55 +0530 (Mon, 26 Feb 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to an multiple access bypass vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The system does not properly enforce security constraints that defined by\n annotations of Servlets in certain cases, depending on the order that Servlets\n are loaded.\n\n - The URL pattern of '' (the empty string) which exactly maps to the context\n root was not correctly handled when used as part of a security constraint\n definition.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting these issues will allow\n remote attackers to bypass security constraints to access ostensibly restricted\n resources on the target system.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.4\n\n Apache Tomcat versions 8.5.0 to 8.5.27\n\n Apache Tomcat versions 8.0.0.RC1 to 8.0.49\n\n Apache Tomcat versions 7.0.0 to 7.0.84 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.5,\n 8.5.28, 8.0.50, 7.0.85 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos['version'];\npath = infos['location'];\n\nif(appVer =~ \"^8\\.5\")\n{\n if(version_in_range(version:appVer, test_version: \"8.5.0\", test_version2: \"8.5.27\")){\n fix = \"8.5.28\";\n }\n}\nelse if(appVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:appVer, test_version: \"7.0.0\", test_version2: \"7.0.84\")){\n fix = \"7.0.85\";\n }\n}\nelse if(appVer =~ \"^8\\.0\")\n{\n if((revcomp(a:appVer, b: \"8.0.0.RC1\") >= 0) && (revcomp(a:appVer, b: \"8.0.50\") < 0)){\n fix = \"8.0.50\";\n }\n}\nelse if(appVer =~ \"^9\\.0\")\n{\n if((revcomp(a:appVer, b: \"9.0.0.M1\") >= 0) && (revcomp(a:appVer, b: \"9.0.5\") < 0)){\n fix = \"9.0.5\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(port:tomPort, data: report);\n exit(0);\n}\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2018-a233dae4ab", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a233dae4ab_tomcat_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for tomcat FEDORA-2018-a233dae4ab\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874333\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 10:10:06 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2018-1304\", \"CVE-2018-1305\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2018-a233dae4ab\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a233dae4ab\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZE4E4RECANPGPYCTGUTJMU3HVA5EGUZD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.50~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-12-02T15:36:43", "description": "This updates includes a rebase from tomcat 8.0.42 up to 8.0.43 which resolves multiple CVEs :\n\n - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650 CVE-2017-5651 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:tomcat (2017-0e64c4c186)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-0E64C4C186.NASL", "href": "https://www.tenable.com/plugins/nessus/101573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-0e64c4c186.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101573);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_xref(name:\"FEDORA\", value:\"2017-0e64c4c186\");\n\n script_name(english:\"Fedora 26 : 1:tomcat (2017-0e64c4c186)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.42 up to 8.0.43 which\nresolves multiple CVEs :\n\n - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650\n CVE-2017-5651 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e64c4c186\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"tomcat-8.0.43-1.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:53:52", "description": "This updates includes a rebase from tomcat 8.0.42 up to 8.0.43 which resolves multiple CVEs :\n\n - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650 CVE-2017-5651 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-28T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2017-d5aa7c77d6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-D5AA7C77D6.NASL", "href": "https://www.tenable.com/plugins/nessus/99720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d5aa7c77d6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99720);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_xref(name:\"FEDORA\", value:\"2017-d5aa7c77d6\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2017-d5aa7c77d6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.42 up to 8.0.43 which\nresolves multiple CVEs :\n\n - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650\n CVE-2017-5651 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5aa7c77d6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.43-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:52:43", "description": "This updates includes a rebase from tomcat 8.0.42 up to 8.0.43 which resolves multiple CVEs :\n\n - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650 CVE-2017-5651 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-28T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2017-5261ba4605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-5261BA4605.NASL", "href": "https://www.tenable.com/plugins/nessus/99718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5261ba4605.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99718);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_xref(name:\"FEDORA\", value:\"2017-5261ba4605\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2017-5261ba4605)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.42 up to 8.0.43 which\nresolves multiple CVEs :\n\n - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650\n CVE-2017-5651 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5261ba4605\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.43-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:15", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by multiple vulnerabilities:\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A vulnerability was discovered in Tomcat's handling of pipelined requests when Sendfile was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n - A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.\n (CVE-2017-12617, CVE-2017-12615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-02-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL", "href": "https://www.tenable.com/plugins/nessus/127359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0117. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127359);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\",\n \"CVE-2017-12615\",\n \"CVE-2017-12617\"\n );\n script_bugtraq_id(98888);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by multiple\nvulnerabilities:\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A vulnerability was discovered in Tomcat's handling of\n pipelined requests when Sendfile was used. If sendfile\n processing completed quickly, it was possible for the\n Processor to be added to the processor cache twice. This\n could lead to invalid responses or information\n disclosure. (CVE-2017-5647)\n\n - A vulnerability was discovered in the error page\n mechanism in Tomcat's DefaultServlet implementation. A\n crafted HTTP request could cause undesired side effects,\n possibly including the removal or replacement of the\n custom error page. (CVE-2017-5664)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\n - A vulnerability was discovered in Tomcat where if a\n servlet context was configured with readonly=false and\n HTTP PUT requests were allowed, an attacker could upload\n a JSP file to that context and achieve code execution.\n (CVE-2017-12617, CVE-2017-12615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0117\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL tomcat6 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"tomcat6-6.0.24-111.el6_9\",\n \"tomcat6-el-2.1-api-6.0.24-111.el6_9\",\n \"tomcat6-jsp-2.1-api-6.0.24-111.el6_9\",\n \"tomcat6-lib-6.0.24-111.el6_9\",\n \"tomcat6-servlet-2.5-api-6.0.24-111.el6_9\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:28:10", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 23 : 1:tomcat (2016-9c33466fbb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-9C33466FBB.NASL", "href": "https://www.tenable.com/plugins/nessus/95830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9c33466fbb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95830);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 23 : 1:tomcat (2016-9c33466fbb)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"tomcat-8.0.39-1.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:52", "description": "The version of Apache Tomcat installed on the remote host is version 7.0.x prior to 7.0.77, 8.0.x prior to 8.0.43, 8.5.x prior to 8.5.13, and 9.0.0.x prior to 9.0.0.M19, and is affected by multiple vulerabilities :\n\n - An unspecified flaw exists in the pipelined request handling that is triggered when send file processing was used. This may result in responses being sent for different requests and may allow a remote attacker to disclose potentially sensitive information. (CVE-2017-5647)\n - A flaw exists in the handling of HTTP/2 GOAWAY Frames that is triggered as streams associated with the connections are not properly closed. With specially crafted HTTP/2 requests, a remote attacker can exhaust available threads, resulting in a denial of service. (CVE-2017-5650)\n - A flaw exists in the refactoring of HTTP connectors related to the processing of send files. This may cause the processor to be added to the processor cache twice, allowing a remote attacker to gain access to sensitive information from other sessions which use the processor for requests. (CVE-2017-5651)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.13 / 9.0.0.x < 9.0.0.M19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700057.PASL", "href": "https://www.tenable.com/plugins/nnm/700057", "sourceData": "Binary data 700057.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:16:15", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.13. It is therefore affected by multiple vulnerabilities :\n\n - A flaw exists in the handling of pipelined requests when send file processing is used that results in the pipelined request being lost when processing of the previous request has completed, causing responses to be sent for the wrong request. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5647)\n\n - A flaw exists in the handling of HTTP/2 GOAWAY frames for a connection due to streams associated with the connection not being properly closed if the connection was currently waiting for a WINDOW_UPDATE before allowing the application to write more data. Each stream consumes a processing thread in the system. An unauthenticated, remote attacker can exploit this issue, via a series of specially crafted HTTP/2 requests, to consume all available threads, resulting in a denial of service condition. (CVE-2017-5650)\n\n - A flaw exists in HTTP connectors when processing send files. If processing completed quickly, it was possible to add the processor to the processor cache twice, which allows the same processor to be used for multiple requests. An unauthenticated, remote attacker can exploit this to disclose sensitive information from other sessions or cause unexpected errors. (CVE-2017-5651)\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112304", "href": "https://www.tenable.com/plugins/was/112304", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:52:31", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.13 or 9.0.x prior to 9.0.0.M19. It is therefore affected by multiple vulnerabilities :\n\n - A flaw exists in the handling of pipelined requests when send file processing is used that results in the pipelined request being lost when processing of the previous request has completed, causing responses to be sent for the wrong request. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5647)\n\n - A flaw exists in the handling of HTTP/2 GOAWAY frames for a connection due to streams associated with the connection not being properly closed if the connection was currently waiting for a WINDOW_UPDATE before allowing the application to write more data. Each stream consumes a processing thread in the system. An unauthenticated, remote attacker can exploit this issue, via a series of specially crafted HTTP/2 requests, to consume all available threads, resulting in a denial of service condition. (CVE-2017-5650)\n\n - A flaw exists in HTTP connectors when processing send files. If processing completed quickly, it was possible to add the processor to the processor cache twice, which allows the same processor to be used for multiple requests. An unauthenticated, remote attacker can exploit this to disclose sensitive information from other sessions or cause unexpected errors.\n (CVE-2017-5651)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.13 / 9.0.x < 9.0.0.M19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_13.NASL", "href": "https://www.tenable.com/plugins/nessus/99368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99368);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_bugtraq_id(97529, 97531, 97544);\n\n script_name(english:\"Apache Tomcat 8.5.x < 8.5.13 / 9.0.x < 9.0.0.M19 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 8.5.x prior to 8.5.13 or \n9.0.x prior to 9.0.0.M19. It is therefore affected by multiple \nvulnerabilities :\n\n - A flaw exists in the handling of pipelined requests when\n send file processing is used that results in the\n pipelined request being lost when processing of the\n previous request has completed, causing responses to be\n sent for the wrong request. An unauthenticated, remote\n attacker can exploit this to disclose sensitive\n information. (CVE-2017-5647)\n\n - A flaw exists in the handling of HTTP/2 GOAWAY frames\n for a connection due to streams associated with the\n connection not being properly closed if the connection\n was currently waiting for a WINDOW_UPDATE before\n allowing the application to write more data. Each stream\n consumes a processing thread in the system. An\n unauthenticated, remote attacker can exploit this issue,\n via a series of specially crafted HTTP/2 requests, to\n consume all available threads, resulting in a denial of\n service condition. (CVE-2017-5650)\n\n - A flaw exists in HTTP connectors when processing send\n files. If processing completed quickly, it was possible\n to add the processor to the processor cache twice, which\n allows the same processor to be used for multiple\n requests. An unauthenticated, remote attacker can\n exploit this to disclose sensitive information from\n other sessions or cause unexpected errors.\n (CVE-2017-5651)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M19\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26fc2208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.13 / 9.0.0.M19 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5651\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\ntomcat_check_version(fixed:make_list(\"8.5.13\", \"9.0.0.M19\"), severity:SECURITY_HOLE, granularity_regex:\"^(8(\\.5)?|9(\\.0)?)$\");\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:27", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2016-98cca07999)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-98CCA07999.NASL", "href": "https://www.tenable.com/plugins/nessus/95829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-98cca07999.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95829);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2016-98cca07999)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-98cca07999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.39-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:09", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.8 or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n- A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\nNote that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.8 / 9.0.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9906.PASL", "href": "https://www.tenable.com/plugins/nnm/9906", "sourceData": "Binary data 9906.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:09", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2016-a98c560116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A98C560116.NASL", "href": "https://www.tenable.com/plugins/nessus/95904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a98c560116.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95904);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2016-a98c560116)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.39-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:01:42", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_8.NASL", "href": "https://www.tenable.com/plugins/nessus/95438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95438);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_bugtraq_id(94097, 94461, 94463);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.x prior to 6.0.48, 7.0.x\nprior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or\n9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple \nvulnerabilities :\n\n - A flaw exists that is triggered when handling request\n lines containing certain invalid characters. An \n unauthenticated, remote attacker can exploit this, by\n injecting additional headers into responses, to conduct\n HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2\n parser due to an infinite loop caused by improper\n parsing of overly large headers. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x\n versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX\n listener in JmxRemoteLifecycleListener.java due to\n improper deserialization of Java objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e8a81e1\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c7e7b23\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?833cb56a\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87d6ed56\");\n # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f7bb039\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.48 / 7.0.73 / 8.0.39 / 8.5.8 / 9.0.0.M13 or\nlater.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed:make_list(\"6.0.48\", \"7.0.73\", \"8.0.39\", \"8.5.8\", \"9.0.0.M13\"), severity:SECURITY_HOLE, granularity_regex:\"^(6(\\.0)?|7(\\.0)?|8(\\.(0|5))?|9(\\.0)?)$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:37", "description": "This update for tomcat fixes the following issues :\n\n - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448)\n\n - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447)\n\n - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects.", "cvss3": {}, "published": "2017-05-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2017-586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-586.NASL", "href": "https://www.tenable.com/plugins/nessus/100204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-586.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100204);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-8745\", \"CVE-2017-5647\", \"CVE-2017-5648\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2017-586)\");\n script_summary(english:\"Check for the openSUSE-2017-586 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tomcat fixes the following issues :\n\n - CVE-2017-5647 Pipelined requests could lead to\n information disclosure (bsc#1033448)\n\n - CVE-2017-5648 Untrusted application could retain\n listener leading to information disclosure (bsc#1033447)\n\n - CVE-2016-8745 shared Processor on Connector code could\n lead to information disclosure (bsc#1015119)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update and\nSUSE:SLE-12-SP2:Update update projects.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033448\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-admin-webapps-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-docs-webapp-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-el-3_0-api-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-embed-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-javadoc-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsp-2_3-api-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsvc-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-lib-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-servlet-3_1-api-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-webapps-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-admin-webapps-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-docs-webapp-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-el-3_0-api-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-embed-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-javadoc-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsp-2_3-api-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsvc-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-lib-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-servlet-3_1-api-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-webapps-8.0.43-6.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T15:25:44", "description": "From Red Hat Security Advisory 2017:3080 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)", "cvss3": {}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2017-3080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-3080.NASL", "href": "https://www.tenable.com/plugins/nessus/104247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:3080 and \n# Oracle Linux Security Advisory ELSA-2017-3080 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104247);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3080\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2017-3080)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2017:3080 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in\nTomcat's DefaultServlet implementation. A crafted HTTP request could\ncause undesired side effects, possibly including the removal or\nreplacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007315.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat6 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-111.el6_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:03:38", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)", "cvss3": {}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2017:3081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-7674"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-3081.NASL", "href": "https://www.tenable.com/plugins/nessus/104251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3081. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104251);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-7674\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3081\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2017:3081)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did\nnot send a 'Vary: Origin' HTTP header. This potentially allowed\nsensitive data to be leaked to other visitors through both client-side\nand server-side caches. (CVE-2017-7674)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:3081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-5647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-7674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3081\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.76-3.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.76-3.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:10", "description": "The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - An unspecified flaw in error page mechanism of the DefaultServlet implementation allows a specially-crafted HTTP request to cause undesired side effects, including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n - An unspecified flaw affects servlet contexts configured as readonly=false with HTTP PUT requests allowed. An attacker can upload a JSP file to that context and execute arbitrary code.\n (CVE-2017-12615, CVE-2017-12617)\n\nNote that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_24.NASL", "href": "https://www.tenable.com/plugins/nessus/104358", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104358);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-5647\",\n \"CVE-2017-5664\",\n \"CVE-2017-12615\",\n \"CVE-2017-12617\"\n );\n script_bugtraq_id(98888, 100901, 100954);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Tomcat installed on the remote host is 6.0.x\nprior to 6.0.24. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified flaw exists in the handling of pipelined requests\n when 'Sendfile' was used. If sendfile processing completed\n quickly, it was possible for the Processor to be added to the\n processor cache twice. This could lead to invalid responses or\n information disclosure. (CVE-2017-5647)\n\n - An unspecified flaw in error page mechanism of the DefaultServlet\n implementation allows a specially-crafted HTTP request to cause\n undesired side effects, including the removal or replacement of\n the custom error page. (CVE-2017-5664)\n\n - An unspecified flaw affects servlet contexts configured as\n readonly=false with HTTP PUT requests allowed. An attacker can\n upload a JSP file to that context and execute arbitrary code.\n (CVE-2017-12615, CVE-2017-12617)\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.24 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.24\", min:\"6.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:03:11", "description": "Security Fix(es) :\n\n - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.\n (CVE-2017-12615, CVE-2017-12617)", "cvss3": {}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20171030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171030_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104268);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20171030)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Security Fix(es) :\n\n - A vulnerability was discovered in Tomcat's handling of\n pipelined requests when 'Sendfile' was used. If sendfile\n processing completed quickly, it was possible for the\n Processor to be added to the processor cache twice. This\n could lead to invalid responses or information\n disclosure. (CVE-2017-5647)\n\n - A vulnerability was discovered in the error page\n mechanism in Tomcat's DefaultServlet implementation. A\n crafted HTTP request could cause undesired side effects,\n possibly including the removal or replacement of the\n custom error page. (CVE-2017-5664)\n\n - Two vulnerabilities were discovered in Tomcat where if a\n servlet context was configured with readonly=false and\n HTTP PUT requests were allowed, an attacker could upload\n a JSP file to that context and achieve code execution.\n (CVE-2017-12615, CVE-2017-12617)\");\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=19140\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5011c34b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-111.el6_9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:40:13", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)", "cvss3": {}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2017:3080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-3080.NASL", "href": "https://www.tenable.com/plugins/nessus/104256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3080 and \n# CentOS Errata and Security Advisory 2017:3080 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104256);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3080\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2017:3080)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in\nTomcat's DefaultServlet implementation. A crafted HTTP request could\ncause undesired side effects, possibly including the removal or\nreplacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\");\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022610.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a18954a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat6 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-111.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-111.el6_9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:03:37", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)", "cvss3": {}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2017:3080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-3080.NASL", "href": "https://www.tenable.com/plugins/nessus/104250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3080. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104250);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3080\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2017:3080)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in\nTomcat's DefaultServlet implementation. A crafted HTTP request could\ncause undesired side effects, possibly including the removal or\nreplacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:3080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-5647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-5664\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3080\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-111.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-111.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:08", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n - A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-7674"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api"], "id": "EULEROS_SA-2017-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/104286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104286);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-7674\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A vulnerability was discovered in Tomcat's handling of\n pipelined requests when 'Sendfile' was used. If\n sendfile processing completed quickly, it was possible\n for the Processor to be added to the processor cache\n twice. This could lead to invalid responses or\n information disclosure. (CVE-2017-5647)\n\n - Two vulnerabilities were discovered in Tomcat where if\n a servlet context was configured with readonly=false\n and HTTP PUT requests were allowed, an attacker could\n upload a JSP file to that context and achieve code\n execution. (CVE-2017-12615, CVE-2017-12617)\n\n - A vulnerability was discovered in Tomcat where the CORS\n Filter did not send a 'Vary: Origin' HTTP header. This\n potentially allowed sensitive data to be leaked to\n other visitors through both client-side and server-side\n caches. (CVE-2017-7674)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1261\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec6455e9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-3\",\n \"tomcat-admin-webapps-7.0.76-3\",\n \"tomcat-el-2.2-api-7.0.76-3\",\n \"tomcat-jsp-2.2-api-7.0.76-3\",\n \"tomcat-lib-7.0.76-3\",\n \"tomcat-servlet-3.0-api-7.0.76-3\",\n \"tomcat-webapps-7.0.76-3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:40:56", "description": "Security Fix(es) :\n\n - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.\n (CVE-2017-12615, CVE-2017-12617)\n\n - A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)", "cvss3": {}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20171030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-7674"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171030_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104269);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-7674\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20171030)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Security Fix(es) :\n\n - A vulnerability was discovered in Tomcat's handling of\n pipelined requests when 'Sendfile' was used. If sendfile\n processing completed quickly, it was possible for the\n Processor to be added to the processor cache twice. This\n could lead to invalid responses or information\n disclosure. (CVE-2017-5647)\n\n - Two vulnerabilities were discovered in Tomcat where if a\n servlet context was configured with readonly=false and\n HTTP PUT requests were allowed, an attacker could upload\n a JSP file to that context and achieve code execution.\n (CVE-2017-12615, CVE-2017-12617)\n\n - A vulnerability was discovered in Tomcat where the CORS\n Filter did not send a 'Vary: Origin' HTTP header. This\n potentially allowed sensitive data to be leaked to other\n visitors through both client-side and server-side\n caches. (CVE-2017-7674)\");\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=18759\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f0fb7f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.76-3.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:03:22", "description": "From Red Hat Security Advisory 2017:3081 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)", "cvss3": {}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2017-3081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-7674"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-3081.NASL", "href": "https://www.tenable.com/plugins/nessus/104248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:3081 and \n# Oracle Linux Security Advisory ELSA-2017-3081 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104248);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-7674\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3081\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2017-3081)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2017:3081 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did\nnot send a 'Vary: Origin' HTTP header. This potentially allowed\nsensitive data to be leaked to other visitors through both client-side\nand server-side caches. (CVE-2017-7674)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007316.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.76-3.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:03:39", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n - A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-7674"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1262.NASL", "href": "https://www.tenable.com/plugins/nessus/104287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104287);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-7674\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A vulnerability was discovered in Tomcat's handling of\n pipelined requests when 'Sendfile' was used. If\n sendfile processing completed quickly, it was possible\n for the Processor to be added to the processor cache\n twice. This could lead to invalid responses or\n information disclosure. (CVE-2017-5647)\n\n - Two vulnerabilities were discovered in Tomcat where if\n a servlet context was configured with readonly=false\n and HTTP PUT requests were allowed, an attacker could\n upload a JSP file to that context and achieve code\n execution. (CVE-2017-12615, CVE-2017-12617)\n\n - A vulnerability was discovered in Tomcat where the CORS\n Filter did not send a 'Vary: Origin' HTTP header. This\n potentially allowed sensitive data to be leaked to\n other visitors through both client-side and server-side\n caches. (CVE-2017-7674)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1262\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f89b114\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-3\",\n \"tomcat-admin-webapps-7.0.76-3\",\n \"tomcat-el-2.2-api-7.0.76-3\",\n \"tomcat-jsp-2.2-api-7.0.76-3\",\n \"tomcat-lib-7.0.76-3\",\n \"tomcat-servlet-3.0-api-7.0.76-3\",\n \"tomcat-webapps-7.0.76-3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:42", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat6", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-3080.NASL", "href": "https://www.tenable.com/plugins/nessus/119237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119237);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in\nTomcat's DefaultServlet implementation. A crafted HTTP request could\ncause undesired side effects, possibly including the removal or\nreplacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-3080.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e3479053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:3080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat6 / tomcat6-admin-webapps / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat6-6.0.24-111.vl6\",\n \"tomcat6-admin-webapps-6.0.24-111.vl6\",\n \"tomcat6-docs-webapp-6.0.24-111.vl6\",\n \"tomcat6-el-2.1-api-6.0.24-111.vl6\",\n \"tomcat6-javadoc-6.0.24-111.vl6\",\n \"tomcat6-jsp-2.1-api-6.0.24-111.vl6\",\n \"tomcat6-lib-6.0.24-111.vl6\",\n \"tomcat6-servlet-2.5-api-6.0.24-111.vl6\",\n \"tomcat6-webapps-6.0.24-111.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:40:13", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)", "cvss3": {}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2017:3081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-7674"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-3081.NASL", "href": "https://www.tenable.com/plugins/nessus/104257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3081 and \n# CentOS Errata and Security Advisory 2017:3081 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104257);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-5647\",\n \"CVE-2017-7674\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3081\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2017:3081)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Tomcat's handling of pipelined\nrequests when 'Sendfile' was used. If sendfile processing completed\nquickly, it was possible for the Processor to be added to the\nprocessor cache twice. This could lead to invalid responses or\ninformation disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet\ncontext was configured with readonly=false and HTTP PUT requests were\nallowed, an attacker could upload a JSP file to that context and\nachieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did\nnot send a 'Vary: Origin' HTTP header. This potentially allowed\nsensitive data to be leaked to other visitors through both client-side\nand server-side caches. (CVE-2017-7674)\");\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022611.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8316aabc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.76-3.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.76-3.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:43:07", "description": "Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine.\n\n - CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request.\n\n - CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.", "cvss3": {}, "published": "2017-05-04T00:00:00", "type": "nessus", "title": "Debian DSA-3842-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3842.NASL", "href": "https://www.tenable.com/plugins/nessus/99971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3842. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99971);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_xref(name:\"DSA\", value:\"3842\");\n\n script_name(english:\"Debian DSA-3842-1 : tomcat7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.\n\n - CVE-2017-5647\n Pipelined requests were processed incorrectly, which\n could result in some responses appearing to be sent for\n the wrong request.\n\n - CVE-2017-5648\n Some application listeners calls were issued against the\n wrong objects, allowing untrusted applications running\n under a SecurityManager to bypass that protection\n mechanism and access or modify information associated\n with other web applications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3842\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat7 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 7.0.56-3+deb8u10.\n\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 7.0.72-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:30", "description": "Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine.\n\n - CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request.\n\n - CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.", "cvss3": {}, "published": "2017-05-04T00:00:00", "type": "nessus", "title": "Debian DSA-3843-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3843.NASL", "href": "https://www.tenable.com/plugins/nessus/99972", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3843. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99972);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_xref(name:\"DSA\", value:\"3843\");\n\n script_name(english:\"Debian DSA-3843-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in tomcat8, a servlet and JSP\nengine.\n\n - CVE-2017-5647\n Pipelined requests were processed incorrectly, which\n could result in some responses appearing to be sent for\n the wrong request.\n\n - CVE-2017-5648\n Some application listeners calls were issued against the\n wrong objects, allowing untrusted applications running\n under a SecurityManager to bypass that protection\n mechanism and access or modify information associated\n with other web applications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3843\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8.0.14-1+deb8u9.\n\nFor the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 8.5.11-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:53:46", "description": "Incorrect handling of pipelined requests when send file was used\n\nA bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. (CVE-2017-5647)\n\nCalls to application listeners did not use the appropriate facade object\n\nWhile investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. (CVE-2017-5648)", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5648"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps"], "id": "ALA_ALAS-2017-822.NASL", "href": "https://www.tenable.com/plugins/nessus/99535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-822.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99535);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5648\");\n script_xref(name:\"ALAS\", value:\"2017-822\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-822)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incorrect handling of pipelined requests when send file was used\n\nA bug in the handling of the pipelined requests in Apache Tomcat\n9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to\n7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the\npipelined request being lost when send file processing of the previous\nrequest completed. This could result in responses appearing to be sent\nfor the wrong request. For example, a user agent that sent requests A,\nB and C could see the correct response for request A, the response for\nrequest C for request B and no response for request C. (CVE-2017-5647)\n\nCalls to application listeners did not use the appropriate facade\nobject\n\nWhile investigating bug 60718, it was noticed that some calls to\napplication listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to\n8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the\nappropriate facade object. When running an untrusted application under\na SecurityManager, it was therefore possible for that untrusted\napplication to retain a reference to the request or response object\nand thereby access and/or modify information associated with another\nweb application. (CVE-2017-5648)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-822.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update tomcat7' to update your system.\n\nRun 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.77-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.43-1.70.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.43-1.70.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:51:13", "description": "From Red Hat Security Advisory 2017:0527 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2017-0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0527 and \n# Oracle Linux Security Advisory ELSA-2017-0527 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97765);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2017-0527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0527 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006786.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:34:03", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/99947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99947);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could\n be exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?486df412\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11\",\n \"tomcat-admin-webapps-7.0.69-11\",\n \"tomcat-el-2.2-api-7.0.69-11\",\n \"tomcat-jsp-2.2-api-7.0.69-11\",\n \"tomcat-lib-7.0.69-11\",\n \"tomcat-servlet-3.0-api-7.0.69-11\",\n \"tomcat-webapps-7.0.69-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:52:04", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2017:0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0527 and \n# CentOS Errata and Security Advisory 2017:0527 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97795);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2017:0527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022342.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c36d97ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:40", "description": "This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features :\n\nrhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:tomcat (2017-ef7c118dbc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-EF7C118DBC.NASL", "href": "https://www.tenable.com/plugins/nessus/104505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ef7c118dbc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104505);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\");\n script_xref(name:\"FEDORA\", value:\"2017-ef7c118dbc\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 26 : 1:tomcat (2017-ef7c118dbc)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update includes a rebase from 8.0.46 up to 8.0.47 which resolves\na single CVE along with various other bugs/features :\n\nrhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for\nCVE-2017-12615\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ef7c118dbc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"tomcat-8.0.47-1.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:36", "description": "This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features :\n\nrhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2017-f499ee7b12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-F499EE7B12.NASL", "href": "https://www.tenable.com/plugins/nessus/104506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f499ee7b12.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104506);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\");\n script_xref(name:\"FEDORA\", value:\"2017-f499ee7b12\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2017-f499ee7b12)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update includes a rebase from 8.0.46 up to 8.0.47 which resolves\na single CVE along with various other bugs/features :\n\nrhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for\nCVE-2017-12615\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f499ee7b12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.47-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:08:41", "description": "This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features :\n\nrhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : 1:tomcat (2017-ebb76fc3c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-EBB76FC3C9.NASL", "href": "https://www.tenable.com/plugins/nessus/105995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ebb76fc3c9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105995);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-12615\", \"CVE-2017-12617\");\n script_xref(name:\"FEDORA\", value:\"2017-ebb76fc3c9\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Fedora 27 : 1:tomcat (2017-ebb76fc3c9)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update includes a rebase from 8.0.46 up to 8.0.47 which resolves\na single CVE along with various other bugs/features :\n\nrhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for\nCVE-2017-12615\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebb76fc3c9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"tomcat-8.0.47-1.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:48:05", "description": "A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running Tomcat 7 with SecurityManager enabled due to an incomplete fix for CVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-11T00:00:00", "type": "nessus", "title": "Debian DLA-779-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-779.NASL", "href": "https://www.tenable.com/plugins/nessus/96396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-779-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96396);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n\n script_name(english:\"Debian DLA-779-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\nCVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:51:13", "description": "Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97770);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=8501\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc04edf8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:52:55", "description": "Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170412_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99353);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=8502\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0863e9c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:39:05", "description": "The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816", "cvss3": {}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/96364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96364);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214599\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n # https://vuxml.freebsd.org/freebsd/0b9af110-d529-11e6-ae1b-002590263bf5.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f94679a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.73\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:05", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-778)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-778.NASL", "href": "https://www.tenable.com/plugins/nessus/95898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-778.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95898);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-778\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-778)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-778.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat8' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.39-1.67.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:37", "description": "According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.8.2223 or 3.3.x prior to 3.3.4.3247. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Apache Tomcat component in the handling of pipelined requests when send file processing is used that results in the pipelined request being lost when processing of the previous request has completed, causing responses to be sent for the wrong request. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5647)\n\n - A flaw exists in the Apache Tomcat component in HTTP connectors when processing send files. If processing completed quickly, it was possible to add the processor to the processor cache twice, which allows the same processor to be used for multiple requests. An unauthenticated, remote attacker can exploit this to disclose sensitive information from other sessions or cause unexpected errors. (CVE-2017-5651)", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 3.2.x < 3.2.8.2223 / 3.3.x < 3.3.4.3247 Multiple Vulnerabilities (July 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5647", "CVE-2017-5651"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:oracle:mysql_enterprise_monitor"], "id": "MYSQL_ENTERPRISE_MONITOR_3_3_4_3247.NASL", "href": "https://www.tenable.com/plugins/nessus/101895", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101895);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-5647\", \"CVE-2017-5651\");\n script_bugtraq_id(97544);\n\n script_name(english:\"MySQL Enterprise Monitor 3.2.x < 3.2.8.2223 / 3.3.x < 3.3.4.3247 Multiple Vulnerabilities (July 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\napplication running on the remote host is 3.2.x prior to 3.2.8.2223 or\n3.3.x prior to 3.3.4.3247. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the Apache Tomcat component in the\n handling of pipelined requests when send file processing\n is used that results in the pipelined request being lost\n when processing of the previous request has completed,\n causing responses to be sent for the wrong request. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive information. (CVE-2017-5647)\n\n - A flaw exists in the Apache Tomcat component in HTTP\n connectors when processing send files. If processing\n completed quickly, it was possible to add the processor\n to the processor cache twice, which allows the same\n processor to be used for multiple requests. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive information from other sessions or\n cause unexpected errors. (CVE-2017-5651)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50229a1a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2279658.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor version 3.2.8.2223 / 3.3.4.3247 or\nlater as referenced in the July 2017 Oracle Critical Patch Update\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_enterprise_monitor\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:18443);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nfixes = {\"^3.3\": \"3.3.4.3247\",\n \"^3.2\": \"3.2.8.2223\"};\n\nvuln = FALSE;\nfix = '';\nforeach (prefix in keys(fixes))\n{\n if (version =~ prefix && ver_compare(ver:version,\n fix:fixes[prefix],\n strict:FALSE) < 0)\n {\n vuln = TRUE;\n fix = fixes[prefix];\n break;\n }\n}\n\nif (vuln)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:14:37", "description": "An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613)\n\n* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)\n\n* tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\n* tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-03-08T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12613", "CVE-2017-12615", "CVE-2017-12616", "CVE-2017-12617", "CVE-2017-15698", "CVE-2018-1304", "CVE-2018-1305"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault-tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault-tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/107208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0466. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107208);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-12613\",\n \"CVE-2017-12615\",\n \"CVE-2017-12616\",\n \"CVE-2017-12617\",\n \"CVE-2017-15698\",\n \"CVE-2018-1304\",\n \"CVE-2018-1305\"\n );\n script_xref(name:\"RHSA\", value:\"2018:0466\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6\nand Red Hat JBoss Web Server 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as\na replacement for Red Hat JBoss Web Server 3.1, and includes bug\nfixes, which are documented in the Release Notes document linked to in\nthe References.\n\nSecurity Fix(es) :\n\n* apr: Out-of-bounds array deref in apr_time_exp*() functions\n(CVE-2017-12613)\n\n* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)\n\n* tomcat: Information Disclosure when using VirtualDirContext\n(CVE-2017-12616)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615\n(CVE-2017-12617)\n\n* tomcat-native: Mishandling of client certificates can allow for OCSP\ncheck bypass (CVE-2017-15698)\n\n* tomcat: Incorrect handling of empty string URL in security\nconstraints can lead to unintended exposure of resources\n(CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to\nresource exposure for unauthorised users (CVE-2018-1305)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65f431f2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-15698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault-tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0466\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-1.3.8-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat7-1.3.8-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat8-1.3.8-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-1.2.8-11.redhat_11.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.8-11.redhat_11.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-debuginfo-1.2.8-11.redhat_11.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.8-11.redhat_11.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat-vault-1.1.6-1.Final_redhat_1.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat-vault-tomcat7-1.1.6-1.Final_redhat_1.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat-vault-tomcat8-1.1.6-1.Final_redhat_1.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsvc-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-selinux-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.70-25.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-admin-webapps-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-docs-webapp-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-el-2.2-api-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-javadoc-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsp-2.3-api-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsvc-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-lib-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-log4j-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-selinux-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-servlet-3.1-api-8.0.36-29.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-webapps-8.0.36-29.ep7.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-1.3.8-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-tomcat7-1.3.8-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-tomcat8-1.3.8-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.8-11.redhat_11.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.8-11.redhat_11.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-vault-1.1.6-1.Final_redhat_1.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-vault-tomcat7-1.1.6-1.Final_redhat_1.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-vault-tomcat8-1.1.6-1.Final_redhat_1.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsvc-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-selinux-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.70-25.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-admin-webapps-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-docs-webapp-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-el-2.2-api-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-javadoc-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsp-2.3-api-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsvc-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-lib-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-log4j-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-selinux-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-servlet-3.1-api-8.0.36-29.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-webapps-8.0.36-29.ep7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_cluster / mod_cluster-tomcat7 / mod_cluster-tomcat8 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:28:21", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2016-776)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-776.NASL", "href": "https://www.tenable.com/plugins/nessus/95896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-776.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95896);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-776\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2016-776)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-776.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat6' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.48-1.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:52:54", "description": "From Red Hat Security Advisory 2017:0935 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2017-0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", &q