Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14T00:00:00
ID VU:993544 Type cert Reporter CERT Modified 2007-08-15T18:09:00
Description
Overview
Apache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking.
Description
Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter. This can cause the Tomcat cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the single quote. According to the vendor, the following versions of Apache Tomcat are affected
6.0.0 to 6.0.13
5.5.0 to 5.5.24
5.0.0 to 5.0.30
4.1.0 to 4.1.36
3.3 to 3.3.2
Impact
This vulnerability can increase the possibility of a session hijacking success. In the presense of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies.
Solution
Apply an update
This vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat Security page for availability of fixes for this and other versions of Tomcat.
Vendor Information
993544
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Vendor has issued information
__ Sort by: Status Alphabetical
Expand all
Affected Unknown __ Unaffected
Javascript is disabled. Click here to view vendors.
__ Apache Tomcat
Notified: July 02, 2007 Updated: August 14, 2007
Status
__ Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
This vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat Security page for availability of fixes for this and other versions of Tomcat.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | | N/A
Thanks to Tomasz Kuczynski for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
CVE IDs: | CVE-2007-3382
---|--- Severity Metric:** | 4.61 Date Public: | 2007-08-13 Date First Published: | 2007-08-14 Date Last Updated: | 2007-08-15 18:09 UTC Document Revision: | 6
{"id": "VU:993544", "hash": "35648bfeb55aefddc76224ed3badfe3c", "type": "cert", "bulletinFamily": "info", "title": "Apache Tomcat fails to properly handle cookies containing single quotes", "description": "### Overview \n\nApache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking.\n\n### Description \n\nApache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter. This can cause the Tomcat cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the single quote. According to the vendor, the following versions of Apache Tomcat are affected\n\n`6.0.0 to 6.0.13 \n5.5.0 to 5.5.24 \n5.0.0 to 5.0.30 \n4.1.0 to 4.1.36 \n3.3 to 3.3.2` \n \n--- \n \n### Impact \n\nThis vulnerability can increase the possibility of a session hijacking success. In the presense of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nThis vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat [Security](<http://tomcat.apache.org/security.html>) page for availability of fixes for this and other versions of Tomcat. \n \n--- \n \n### Vendor Information\n\n993544\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Apache Tomcat \n\nNotified: July 02, 2007 Updated: August 14, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThis vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat [Security](<http://tomcat.apache.org/security.html>) page for availability of fixes for this and other versions of Tomcat.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23993544 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://tomcat.apache.org/security.html>\n * <http://seclists.org/fulldisclosure/2007/Aug/0236.html>\n * <http://secunia.com/advisories/26466/>\n\n### Credit\n\nThanks to Tomasz Kuczynski for reporting this vulnerability. \n\nThis document was written by Will Dormann. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-3382](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382>) \n---|--- \n**Severity Metric:****** | 4.61 \n**Date Public:** | 2007-08-13 \n**Date First Published:** | 2007-08-14 \n**Date Last Updated: ** | 2007-08-15 18:09 UTC \n**Document Revision: ** | 6 \n", "published": "2007-08-14T00:00:00", "modified": "2007-08-15T18:09:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.kb.cert.org/vuls/id/993544", "reporter": "CERT", "references": ["http://tomcat.apache.org/security.html", "http://seclists.org/fulldisclosure/2007/Aug/0236.html", "http://secunia.com/advisories/26466/"], "cvelist": ["CVE-2007-3382"], "lastseen": "2018-12-25T20:18:38", "history": [{"bulletin": {"id": "VU:993544", "hash": "a3ab868757746e7f9b39f2337e8db02b342c81ae7ae9efae948389d8a8f212e0", "type": "cert", "bulletinFamily": "info", "title": "Apache Tomcat fails to properly handle cookies containing single quotes", "description": "### Overview\n\nApache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking.\n\n### Description\n\nApache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter. This can cause the Tomcat cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the single quote. According to the vendor, the following versions of Apache Tomcat are affected \n\n`6.0.0 to 6.0.13 \n5.5.0 to 5.5.24 \n5.0.0 to 5.0.30 \n4.1.0 to 4.1.36 \n3.3 to 3.3.2` \n \n--- \n \n### Impact\n\nThis vulnerability can increase the possibility of a session hijacking success. In the presense of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies. \n \n--- \n \n### Solution\n\n**Apply an update** \n \n---\n", "published": "2007-08-14T00:00:00", "modified": "2007-08-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.kb.cert.org/vuls/id/993544", "reporter": "CERT", "references": [], "cvelist": [], "lastseen": "2016-02-03T09:12:27", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2016-02-03T09:12:27", "differentElements": ["cvelist", "cvss", "description", "references"], "edition": 1}, {"bulletin": {"id": "VU:993544", "hash": "c467e633af857b54fc135a5ff1ff223cb2ad770587040331ecf269daefa59e30", "type": "cert", "bulletinFamily": "info", "title": "Apache Tomcat fails to properly handle cookies containing single quotes", "description": "### Overview\n\nApache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking.\n\n### Description\n\nApache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter. This can cause the Tomcat cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the single quote. According to the vendor, the following versions of Apache Tomcat are affected \n\n`6.0.0 to 6.0.13 \n5.5.0 to 5.5.24 \n5.0.0 to 5.0.30 \n4.1.0 to 4.1.36 \n3.3 to 3.3.2` \n \n--- \n \n### Impact\n\nThis vulnerability can increase the possibility of a session hijacking success. In the presense of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nThis vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat [Security](<http://tomcat.apache.org/security.html>) page for availability of fixes for this and other versions of Tomcat. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApache Tomcat| | 02 Jul 2007| 14 Aug 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23993544 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://tomcat.apache.org/security.html>\n * <http://seclists.org/fulldisclosure/2007/Aug/0236.html>\n * <http://secunia.com/advisories/26466/>\n\n### Credit\n\nThanks to Tomasz Kuczynski for reporting this vulnerability.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-3382](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382>)\n * Date Public: 13 Aug 2007\n * Date First Published: 14 Aug 2007\n * Date Last Updated: 15 Aug 2007\n * Severity Metric: 4.61\n * Document Revision: 6\n\n", "published": "2007-08-14T00:00:00", "modified": "2007-08-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.kb.cert.org/vuls/id/993544", "reporter": "CERT", "references": ["http://seclists.org/fulldisclosure/2007/Aug/0236.html", "http://tomcat.apache.org/security.html", "http://tomcat.apache.org/security.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382", "http://secunia.com/advisories/26466/"], "cvelist": ["CVE-2007-3382", "CVE-2007-3382"], "lastseen": "2018-08-02T21:57:58", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2018-08-02T21:57:58", "differentElements": ["cvss"], "edition": 2}, {"bulletin": {"id": "VU:993544", "hash": "ea4c6fa75d318d9931e1108bdec76d1d602b014e8f6d1f9c6c6082918f9c5871", "type": "cert", "bulletinFamily": "info", "title": "Apache Tomcat fails to properly handle cookies containing single quotes", "description": "### Overview\n\nApache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking.\n\n### Description\n\nApache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter. This can cause the Tomcat cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the single quote. According to the vendor, the following versions of Apache Tomcat are affected \n\n`6.0.0 to 6.0.13 \n5.5.0 to 5.5.24 \n5.0.0 to 5.0.30 \n4.1.0 to 4.1.36 \n3.3 to 3.3.2` \n \n--- \n \n### Impact\n\nThis vulnerability can increase the possibility of a session hijacking success. In the presense of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nThis vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat [Security](<http://tomcat.apache.org/security.html>) page for availability of fixes for this and other versions of Tomcat. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApache Tomcat| | 02 Jul 2007| 14 Aug 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23993544 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://tomcat.apache.org/security.html>\n * <http://seclists.org/fulldisclosure/2007/Aug/0236.html>\n * <http://secunia.com/advisories/26466/>\n\n### Credit\n\nThanks to Tomasz Kuczynski for reporting this vulnerability.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-3382](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382>)\n * Date Public: 13 Aug 2007\n * Date First Published: 14 Aug 2007\n * Date Last Updated: 15 Aug 2007\n * Severity Metric: 4.61\n * Document Revision: 6\n\n", "published": "2007-08-14T00:00:00", "modified": "2007-08-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.kb.cert.org/vuls/id/993544", "reporter": "CERT", "references": ["http://seclists.org/fulldisclosure/2007/Aug/0236.html", "http://tomcat.apache.org/security.html", "http://tomcat.apache.org/security.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382", "http://secunia.com/advisories/26466/"], "cvelist": ["CVE-2007-3382", "CVE-2007-3382"], "lastseen": "2018-08-30T20:36:12", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2018-08-30T20:36:12", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "VU:993544", "hash": "a49f2edeb54cefa8e1fa28fa4a26cbf9", "type": "cert", "bulletinFamily": "info", "title": "Apache Tomcat fails to properly handle cookies containing single quotes", "description": "### Overview\n\nApache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking.\n\n### Description\n\nApache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter. This can cause the Tomcat cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the single quote. According to the vendor, the following versions of Apache Tomcat are affected \n\n`6.0.0 to 6.0.13 \n5.5.0 to 5.5.24 \n5.0.0 to 5.0.30 \n4.1.0 to 4.1.36 \n3.3 to 3.3.2` \n \n--- \n \n### Impact\n\nThis vulnerability can increase the possibility of a session hijacking success. In the presense of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nThis vulnerability is addressed in Apache Tomcat 6.0.14. Please check the Apache Tomcat [Security](<http://tomcat.apache.org/security.html>) page for availability of fixes for this and other versions of Tomcat. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApache Tomcat| | 02 Jul 2007| 14 Aug 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23993544 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://tomcat.apache.org/security.html>\n * <http://seclists.org/fulldisclosure/2007/Aug/0236.html>\n * <http://secunia.com/advisories/26466/>\n\n### Credit\n\nThanks to Tomasz Kuczynski for reporting this vulnerability.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-3382](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382>)\n * Date Public: 13 Aug 2007\n * Date First Published: 14 Aug 2007\n * Date Last Updated: 15 Aug 2007\n * Severity Metric: 4.61\n * Document Revision: 6\n\n", "published": "2007-08-14T00:00:00", "modified": "2007-08-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.kb.cert.org/vuls/id/993544", "reporter": "CERT", "references": ["http://seclists.org/fulldisclosure/2007/Aug/0236.html", "http://tomcat.apache.org/security.html", "http://tomcat.apache.org/security.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382", "http://secunia.com/advisories/26466/"], "cvelist": ["CVE-2007-3382", "CVE-2007-3382"], "lastseen": "2018-08-31T02:36:57", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2018-08-31T02:36:57", "differentElements": ["cvelist", "description", "modified", "references"], "edition": 4}], "viewCount": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.4", "_object_type": "robots.models.cert.CertBulletin", "_object_types": ["robots.models.cert.CertBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2018-10-18T15:06:10", "references": ["http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554", "http://www.vupen.com/english/advisories/2007/3527", "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55562", "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "http://www.debian.org/security/2008/dsa-1447", "http://www.redhat.com/support/errata/RHSA-2007-0950.html", "http://www.debian.org/security/2008/dsa-1453", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795", "http://www.securityfocus.com/archive/1/476466/100/0/threaded", "http://www.securityfocus.com/bid/25316", "http://www.vupen.com/english/advisories/2009/0233", "http://www.redhat.com/support/errata/RHSA-2008-0195.html", "http://www.vupen.com/english/advisories/2007/2902", "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "http://www.securityfocus.com/archive/1/500412/100/0/threaded", "http://support.apple.com/kb/HT2163", "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "http://www.redhat.com/support/errata/RHSA-2007-0871.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36006", "http://www.vupen.com/english/advisories/2007/3386", "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241", "http://www.securityfocus.com/archive/1/500396/100/0/threaded", "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "http://www.vupen.com/english/advisories/2008/1981/references", "http://securitytracker.com/id?1018556", "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", "http://tomcat.apache.org/security-6.html", "http://www.securityfocus.com/archive/1/476442/100/0/threaded", "http://www.kb.cert.org/vuls/id/993544"], "description": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "edition": 4, "reporter": "NVD", "published": "2007-08-14T18:17:00", "title": "CVE-2007-3382", "type": "cve", "enchantments": {"score": {"modified": "2018-10-18T15:06:10", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11269", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11269"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-3382"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11269", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11269"}], "modified": "2018-10-16T12:48:40", "cpe": ["cpe:/a:apache:tomcat:4.1.36", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:5.0.5", "cpe:/a:apache:tomcat:4.1.1", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.0.26", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:5.0.10", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.0.11", "cpe:/a:apache:tomcat:5.0.14", "cpe:/a:apache:tomcat:4.1.28", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.0.13", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:4.1.0", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:4.1.2", "cpe:/a:apache:tomcat:4.1.15", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.0.27", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:4.1.9:beta", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:4.1.3", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.0.2", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:5.0.21", "cpe:/a:apache:tomcat:5.0.28", "cpe:/a:apache:tomcat:5.0.6", "cpe:/a:apache:tomcat:5.0.8", "cpe:/a:apache:tomcat:4.1.3:beta", "cpe:/a:apache:tomcat:3.3.2", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:5.0.19", "cpe:/a:apache:tomcat:3.3", "cpe:/a:apache:tomcat:5.0.17", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:3.3.1", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:4.1.10", "cpe:/a:apache:tomcat:5.0.24", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.0.22", "cpe:/a:apache:tomcat:5.0.25", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.0.3", "cpe:/a:apache:tomcat:3.3.1a", "cpe:/a:apache:tomcat:5.0.12", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.0.4", "cpe:/a:apache:tomcat:5.0.0", "cpe:/a:apache:tomcat:5.0.30", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.0.1", "cpe:/a:apache:tomcat:5.0.18", "cpe:/a:apache:tomcat:5.0.7", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.0.16", "cpe:/a:apache:tomcat:5.0.29", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:4.1.31", "cpe:/a:apache:tomcat:5.0.23", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:4.1.24", "cpe:/a:apache:tomcat:5.0.15", "cpe:/a:apache:tomcat:5.0.9", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2007-3382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3382", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2007-3382: Handling of cookies containing a ' character\r\n\r\nSeverity:\r\nLow (Session Hi-jacking)\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\n6.0.0 to 6.0.13\r\n5.5.0 to 5.5.24\r\n5.0.0 to 5.0.30\r\n4.1.0 to 4.1.36\r\n3.3 to 3.3.2\r\n\r\nDescription:\r\nTomcat incorrectly treats a single quote character (') in a cookie\r\nvalue as a delimiter. In some circumstances this can lead to the\r\nleaking of information such as session ID to an attacker.\r\n\r\nMitigation:\r\nUpgrade to 6.0.14\r\n\r\nCredit:\r\nThis issue was discovered by Tomasz Kuczynski, Poznan Supercomputing\r\nand Networking Center, who worked with the CERT/CC to report the\r\nvulnerability.\r\n\r\nExample:\r\nhttp://localost:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\n\r\nMark Thomas\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFGwSFVb7IeiTPGAkMRAjkwAKDnu+C08WRZazmZfzunFeHcitsvnACg3CtP\r\n6c6FCxbFOcfxhqqayg8kdUI=\r\n=MkDj\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2007-08-14T00:00:00", "title": "CVE-2007-3382: Handling of cookies containing a ' character", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:23", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3382"], "modified": "2007-08-14T00:00:00", "id": "SECURITYVULNS:DOC:17779", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17779", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:29", "references": [], "description": "Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\r\n\r\n\r\nCA Advisory Reference: CA20090123-01\r\n\r\n\r\nCA Advisory Date: 2009-01-23\r\n\r\n\r\nReported By: n/a\r\n\r\n\r\nImpact: Refer to the CVE identifiers for details.\r\n\r\n\r\nSummary: Multiple security risks exist in Apache Tomcat as \r\nincluded with CA Cohesion Application Configuration Manager. CA \r\nhas issued an update to address the vulnerabilities. Refer to the \r\nReferences section for the full list of resolved issues by CVE \r\nidentifier.\r\n\r\n\r\nMitigating Factors: None\r\n\r\n\r\nSeverity: CA has given these vulnerabilities a Medium risk rating.\r\n\r\n\r\nAffected Products:\r\nCA Cohesion Application Configuration Manager 4.5\r\n\r\n\r\nNon-Affected Products\r\nCA Cohesion Application Configuration Manager 4.5 SP1\r\n\r\n\r\nAffected Platforms:\r\nWindows\r\n\r\n\r\nStatus and Recommendation:\r\nCA has issued the following update to address the vulnerabilities.\r\n\r\nCA Cohesion Application Configuration Manager 4.5:\r\n\r\nRO04648\r\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\r\n&searchID=RO04648\r\n\r\n\r\nHow to determine if you are affected:\r\n\r\n1. Using Windows Explorer, locate the file "RELEASE-NOTES".\r\n2. By default, the file is located in the \r\n "C:\Program Files\CA\Cohesion\Server\server\" directory.\r\n3. Open the file with a text editor.\r\n4. If the version is less than 5.5.25, the installation is \r\n vulnerable.\r\n\r\n\r\nWorkaround: None\r\n\r\n\r\nReferences (URLs may wrap):\r\nCA Support:\r\nhttp://support.ca.com/\r\nCA20090123-01: Security Notice for Cohesion Tomcat\r\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\r\n40\r\nSolution Document Reference APARs:\r\nRO04648\r\nCA Security Response Blog posting:\r\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\r\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\r\nReported By: \r\nn/a\r\nCVE References:\r\nCVE-2005-2090\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\r\nCVE-2005-3510\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\r\nCVE-2006-3835\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\r\nCVE-2006-7195\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\r\nCVE-2006-7196\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\r\nCVE-2007-0450\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\r\nCVE-2007-1355\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\r\nCVE-2007-1358\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\r\nCVE-2007-1858\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\r\nCVE-2007-2449\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\r\nCVE-2007-2450\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\r\nCVE-2007-3382\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\r\nCVE-2007-3385 *\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\r\nCVE-2007-3386\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\r\nCVE-2008-0128\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\r\n*Note: the issue was not completely fixed by Tomcat maintainers.\r\nOSVDB References: Pending\r\nhttp://osvdb.org/\r\n\r\n\r\nChangelog for this advisory:\r\nv1.0 - Initial Release\r\nv1.1 - Updated Impact, Summary, Affected Products\r\n\r\n\r\nCustomers who require additional information should contact CA\r\nTechnical Support at http://support.ca.com.\r\n\r\nFor technical questions or comments related to this advisory, \r\nplease send email to vuln AT ca DOT com.\r\n\r\nIf you discover a vulnerability in CA products, please report your \r\nfindings to the CA Product Vulnerability Response Team.\r\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\r\n82\r\n\r\n\r\nRegards,\r\nKen Williams, Director ; 0xE2941985\r\nCA Product Vulnerability Response Team\r\n\r\n\r\nCA, 1 CA Plaza, Islandia, NY 11749\r\n \r\nContact http://www.ca.com/us/contact/\r\nLegal Notice http://www.ca.com/us/legal/\r\nPrivacy Policy http://www.ca.com/us/privacy/\r\nCopyright (c) 2009 CA. All rights reserved.", "edition": 1, "reporter": "Securityvulns", "published": "2009-01-28T00:00:00", "title": "CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:29", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-1355", "CVE-2005-2090", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2006-7195", "CVE-2007-0450", "CVE-2008-0128", "CVE-2006-7196", "CVE-2007-3385", "CVE-2005-3510", "CVE-2007-1358", "CVE-2007-1858", "CVE-2006-3835"], "modified": "2009-01-28T00:00:00", "id": "SECURITYVULNS:DOC:21244", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21244", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "references": [], "description": "## Solution Description\nUpgrade to version 4.1.HEAD, 5.5.25, 6.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-6.html\n[Secunia Advisory ID:27037](https://secuniaresearch.flexerasoftware.com/advisories/27037/)\n[Secunia Advisory ID:27267](https://secuniaresearch.flexerasoftware.com/advisories/27267/)\n[Secunia Advisory ID:28317](https://secuniaresearch.flexerasoftware.com/advisories/28317/)\n[Secunia Advisory ID:28361](https://secuniaresearch.flexerasoftware.com/advisories/28361/)\n[Secunia Advisory ID:27727](https://secuniaresearch.flexerasoftware.com/advisories/27727/)\n[Secunia Advisory ID:26466](https://secuniaresearch.flexerasoftware.com/advisories/26466/)\n[Secunia Advisory ID:26898](https://secuniaresearch.flexerasoftware.com/advisories/26898/)\n[Related OSVDB ID: 37071](https://vulners.com/osvdb/OSVDB:37071)\nRedHat RHSA: RHSA-2007:0871\nOther Advisory URL: HPSBUX02262 SSRT071447:\nOther Advisory URL: HPSBTU02276 SSRT071472:\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html\nOther Advisory URL: http://www.us.debian.org/security/2008/dsa-1453\nOther Advisory URL: http://www.debian.org/security/2008/dsa-1447\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0190.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0198.html\nISS X-Force ID: 36006\nFrSIRT Advisory: ADV-2007-2902\nFrSIRT Advisory: ADV-2007-3386\nFrSIRT Advisory: ADV-2007-3527\n[CVE-2007-3382](https://vulners.com/cve/CVE-2007-3382)\nCERT VU: 993544\nBugtraq ID: 25316\n", "edition": 1, "reporter": "OSVDB", "published": "2007-08-14T11:51:35", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3382"], "modified": "2007-08-14T11:51:35", "href": "https://vulners.com/osvdb/OSVDB:37070", "id": "OSVDB:37070", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T12:29:12", "osvdbidlist": ["37070"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Apache Tomcat 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure. CVE-2007-3382. Remote exploits for multiple platform", "reporter": "Tomasz Kuczynski", "published": "2007-08-14T00:00:00", "type": "exploitdb", "title": "Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3382"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2007-08-14T00:00:00", "id": "EDB-ID:30496", "href": "https://www.exploit-db.com/exploits/30496/", "sourceData": "source: http://www.securityfocus.com/bid/25316/info\r\n\r\nApache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.\r\n\r\nAttackers can exploit these issues to access potentially sensitive data that may aid in further attacks.\r\n\r\nVersions prior to Apache Tomcat 6.0.14 are vulnerable. \r\n\r\nhttp://www.example.com:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B\r\n\r\nhttp://www.example.com:8080/servlets-examples/servlet/CookieExample?cookiename=BLOCKER&cookievalue=%5C%22A%3D%27%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3B ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30496/"}], "redhat": [{"lastseen": "2018-12-11T17:44:26", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.2.0-2.CP01.ep1.4", "arch": "noarch", "packageName": "jbossas", "packageFilename": "jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm", "operator": "lt"}], "description": "The updated packages address the following security vulnerabilities:\r\n\r\nTomcat incorrectly treated a single quote character (') in a cookie value\r\nas a delimiter. In some circumstances this lead to the leaking of\r\ninformation such as session ID to an attacker (CVE-2007-3382).\r\n\r\nTomcat incorrectly handled the character sequence \\\" in a cookie value. In\r\nsome circumstances this lead to the leaking of information such as session\r\nID to an attacker (CVE-2007-3385).\r\n\r\nIn addition to these security fixes, this update also fixes several bugs in\r\nJBoss Enterprise Application Platform. Please see the referenced release\r\nnotes for the list of bugs fixed.\r\n\r\nUsers of JBoss Enterprise Application Platform should upgrade to these\r\nupdated packages which contain fixes to correct these issues.\r\n\r\nFor users of Red Hat Application Stack v1, installation of this errata will\r\nautomatically bring the system up to V.1.2. Please note the following\r\nchanges that may affect you:\r\n\r\n- Stacks V.1.2 has a new version of JBoss Application Server which\r\nrequires Java version 1.5 to run.\r\n\r\n- Unless the JBOSS_IP variable is explicitly set in the configuration\r\nfile, JBoss Application Server services are now bound to localhost.\r\n\r\n- Unless the JBOSSCONF variable is explicitly set in the configuration\r\nfile, JBoss Application Server will start with the production config\r\nwhen started via the init script.\r\n\r\nRefer to the release notes for more information on how to set the\r\nJBOSS_IP and JBOSSCONF variables.", "reporter": "RedHat", "published": "2007-11-05T05:00:00", "type": "redhat", "title": "(RHSA-2007:0950) Moderate: JBoss Enterprise Application Platform security update", "enchantments": {"score": {"modified": "2018-12-11T17:44:26", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3382", "CVE-2007-3385"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:42:11", "id": "RHSA-2007:0950", "href": "https://access.redhat.com/errata/RHSA-2007:0950", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:43:12", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageName": "tomcat5-jsp-2.0-api", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm", "operator": "lt"}], "description": "Tomcat is a servlet container for Java Servlet and Java Server Pages\r\ntechnologies.\r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385).\r\n\r\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\r\nServlet. This allowed remote attackers to inject arbitrary HTML and web\r\nscript via crafted requests (CVE-2007-3386).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "reporter": "RedHat", "published": "2007-09-26T04:00:00", "type": "redhat", "title": "(RHSA-2007:0871) Moderate: tomcat security update", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:56:14", "id": "RHSA-2007:0871", "href": "https://access.redhat.com/errata/RHSA-2007:0871", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:42:34", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.5.23-0jpp_11rh", "arch": "noarch", "packageName": "tomcat5-server-lib", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp_11rh.noarch.rpm", "operator": "lt"}], "description": "Tomcat is a servlet container for Java Servlet and Java Server Pages\r\ntechnologies.\r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385).\r\n\r\nA directory traversal vulnerability existed in the Apache Tomcat webdav\r\nservlet. This allowed remote attackers to remote authenticated users to\r\nread accessible to the local user running the tomcat process (CVE-2007-5461).\r\n\r\nThe default security policy in the JULI logging component did not restrict\r\naccess permissions to files. This could be misused by untrusted web\r\napplications to access and write arbitrary files in the context of the\r\ntomcat process (CVE-2007-5342).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "reporter": "RedHat", "published": "2008-04-28T04:00:00", "type": "redhat", "title": "(RHSA-2008:0195) Moderate: tomcat security update", "enchantments": {"score": {"modified": "2018-12-11T17:42:34", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-5342", "CVE-2007-5461"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:42:03", "id": "RHSA-2008:0195", "href": "https://access.redhat.com/errata/RHSA-2008:0195", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:45:12", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.5.23-0jpp_4rh.4", "arch": "noarch", "packageName": "tomcat5-jasper", "packageFilename": "tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm", "operator": "lt"}], "description": "Tomcat is a servlet container for Java Servlet and Java Server Pages\r\ntechnologies.\r\n\r\nTomcat incorrectly handled \"Accept-Language\" headers that do not conform to\r\nRFC 2616. An attacker was able to perform cross-site scripting (XSS)\r\nattacks in certain applications (CVE-2007-1358).\r\n\r\nSome JSPs within the 'examples' web application did not escape user\r\nprovided data. If the JSP examples were accessible, this flaw could allow a\r\nremote attacker to perform cross-site scripting attacks (CVE-2007-2449).\r\n\r\nNote: it is recommended the 'examples' web application not be installed on\r\na production system.\r\n\r\nThe Manager and Host Manager web applications did not escape user provided\r\ndata. If a user is logged in to the Manager or Host Manager web\r\napplication, an attacker could perform a cross-site scripting attack\r\n(CVE-2007-2450). \r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385).\r\n\r\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\r\nServlet. This allowed remote attackers to inject arbitrary HTML and web\r\nscript via crafted requests (CVE-2007-3386).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "reporter": "RedHat", "published": "2007-10-11T04:00:00", "type": "redhat", "title": "(RHSA-2007:0876) Moderate: tomcat security update", "enchantments": {"score": {"modified": "2018-12-11T17:45:12", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:41:35", "id": "RHSA-2007:0876", "href": "https://access.redhat.com/errata/RHSA-2007:0876", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:44:05", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.0.30-0jpp_6rh", "arch": "noarch", "packageName": "tomcat5", "packageFilename": "tomcat5-5.0.30-0jpp_6rh.noarch.rpm", "operator": "lt"}], "description": "Tomcat is a servlet container for Java Servlet and JavaServer Pages\r\ntechnologies.\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385). \r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nThe default Tomcat configuration permitted the use of insecure\r\nSSL cipher suites including the anonymous cipher suite. (CVE-2007-1858)\r\n\r\nTomcat permitted various characters as path delimiters. If Tomcat was used\r\nbehind certain proxies and configured to only proxy some contexts, an\r\nattacker could construct an HTTP request to work around the context\r\nrestriction and potentially access non-proxied content. (CVE-2007-0450)\r\n\r\nDirectory listings were enabled by default in Tomcat. Information stored\r\nunprotected under the document root was visible to anyone if the\r\nadministrator did not disable directory listings. (CVE-2006-3835)\r\n\r\nIt was found that generating listings of large directories was CPU\r\nintensive. An attacker could make repeated requests to obtain a directory\r\nlisting of any large directory, leading to a denial of service.\r\n(CVE-2005-3510) \r\n\r\nTomcat was found to accept multiple content-length headers in a\r\nrequest. This could allow attackers to poison a web-cache, bypass web\r\napplication firewall protection, or conduct cross-site scripting attacks.\r\n(CVE-2005-2090)\r\n\r\nUsers should upgrade to these erratum packages which contain an update to\r\nTomcat that resolves these issues, and add the tyrex and\r\njakarta-commons-pool packages which are required dependencies of the new\r\nTomcat version.", "reporter": "RedHat", "published": "2007-11-26T05:00:00", "type": "redhat", "title": "(RHSA-2007:1069) Moderate: tomcat security update for Red Hat Network Satellite Server", "enchantments": {"score": {"modified": "2018-12-11T17:44:05", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2090", "CVE-2005-3510", "CVE-2006-3835", "CVE-2007-0450", "CVE-2007-1858", "CVE-2007-3382", "CVE-2007-3385"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:42:14", "id": "RHSA-2007:1069", "href": "https://access.redhat.com/errata/RHSA-2007:1069", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:17", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.0.30-0jpp_10rh", "arch": "noarch", "packageName": "tomcat5", "packageFilename": "tomcat5-5.0.30-0jpp_10rh.noarch.rpm", "operator": "lt"}], "description": "During an internal security review, a cross-site scripting flaw was found\nthat affected the Red Hat Network channel search feature. (CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In a\ntypical operating environment, these components are not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package.\n(CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to\n5.0.2, which resolves these issues.", "reporter": "RedHat", "published": "2008-05-20T04:00:00", "type": "redhat", "title": "(RHSA-2008:0261) Moderate: Red Hat Network Satellite Server security update", "enchantments": {"score": {"modified": "2018-12-11T17:44:17", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:42:02", "id": "RHSA-2008:0261", "href": "https://access.redhat.com/errata/RHSA-2008:0261", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:14", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "3", "packageVersion": "2.24-1.el3", "arch": "noarch", "packageName": "perl-Crypt-CBC", "packageFilename": "perl-Crypt-CBC-2.24-1.el3.noarch.rpm", "operator": "lt"}], "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server 4.2. In\na typical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,\nCVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade to\n4.2.3, which resolves these issues.", "reporter": "RedHat", "published": "2008-06-30T04:00:00", "type": "redhat", "title": "(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update", "enchantments": {"score": {"modified": "2018-12-11T17:42:14", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0885", "CVE-2004-0914", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:41:49", "id": "RHSA-2008:0524", "href": "https://access.redhat.com/errata/RHSA-2008:0524", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:58:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 25316\r\nCVE(CAN) ID: CVE-2007-3385,CVE-2007-3382\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat\u5904\u7406\u7528\u6237\u8bf7\u6c42\u6570\u636e\u65f6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u4f1a\u8bdd\u76f8\u5173\u7684\u654f\u611f\u4fe1\u606f\u3002\r\n\r\nApache Tomcat\u6ca1\u6709\u6b63\u786e\u7684\u5904\u7406Cookie\u503c\u4e2d\u7684\u201c\\" \u201d\u5b57\u7b26\u5e8f\u5217\uff0c\u4e14\u9519\u8bef\u5730\u5c06Cookie\u503c\u4e2d\u7684\u5355\u5f15\u53f7\u5904\u7406\u4e3a\u5206\u9694\u7b26\uff0c\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6cc4\u9732\u654f\u611f\u4fe1\u606f\uff0c\u5982\u4f1a\u8bddID\u3002\r\n\n\nApache Group Tomcat 6.0.0 - 6.0.13\r\nApache Group Tomcat 5.5.0 - 5.5.24\r\nApache Group Tomcat 4.1.0 - 4.1.36\r\nApache Group Tomcat 3.3 - 3.3.2\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz\" target=\"_blank\">http://apache.mirror.rafal.ca/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz</a>", "reporter": "Root", "published": "2007-08-23T00:00:00", "title": "Apache Tomcat\u591a\u4e2a\u8fdc\u7a0b\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3382", "CVE-2007-3385"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2007-08-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2153", "id": "SSV:2153", "sourceData": "\n http://localhost:8080/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=%5C%22FOO%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2F%3B\r\nhttp://localost:8080/servlets-examples/servlet/CookieExample?cookiename=BL\n ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-2153", "status": "poc,details"}], "openvas": [{"lastseen": "2018-09-28T18:23:41", "references": ["http://linux.oracle.com/errata/ELSA-2007-0871.html"], "pluginID": "1361412562310122660", "description": "Oracle Linux Local Security Checks ELSA-2007-0871", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-08T00:00:00", "title": "Oracle Linux Local Check: ELSA-2007-0871", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0871.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122660\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:28 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0871\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0871 - Moderate: tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0871\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0871.html\");\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:19", "references": [], "pluginID": "60108", "description": "The remote host is missing an update to tomcat5\nannounced via advisory DSA 1453-1.", "edition": 2, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 1453-1 (tomcat5)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60108", "id": "OPENVAS:60108", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1453_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1453-1 (tomcat5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3382\n\nIt was discovered that single quotes (') in cookies were treated\nas a delimiter, which could lead to an information leak.\n\nCVE-2007-3385\n\nIt was discovered that the character sequence \\ in cookies was\nhandled incorrectly, which could lead to an information leak.\n\nCVE-2007-5461\n\nIt was discovered that the WebDAV servlet is vulnerable to absolute\npath traversal.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.30-12etch1.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.\n\nThe unstable distribution (sid) no longer contains tomcat5.\n\nWe recommend that you upgrade your tomcat5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5\nannounced via advisory DSA 1453-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201453-1\";\n\n\nif(description)\n{\n script_id(60108);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5461\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1453-1 (tomcat5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tomcat5\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat5-java\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5-admin\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5-webapps\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:49", "references": [], "pluginID": "60102", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1447-1.", "edition": 2, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 1447-1 (tomcat5.5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60102", "id": "OPENVAS:60102", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1447_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1447-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3382\n\nIt was discovered that single quotes (') in cookies were treated\nas a delimiter, which could lead to an information leak.\n\nCVE-2007-3385\n\nIt was discovered that the character sequence \\ in cookies was\nhandled incorrectly, which could lead to an information leak.\n\nCVE-2007-3386\n\nIt was discovered that the host manager servlet performed\ninsufficient input validation, which could lead to cross-site\nscripting.\n\nCVE-2007-5342\n\nIt was discovered that the JULI logging component did not restrict\nits target path, resulting in potential denial of service through\nfile overwrites.\n\nCVE-2007-5461\n\nIt was discovered that the WebDAV servlet is vulnerable to absolute\npath traversal.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch1.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1447-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201447-1\";\n\n\nif(description)\n{\n script_id(60102);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5342\", \"CVE-2007-5461\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1447-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:06", "references": [], "pluginID": "65440", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES9: Security update for Tomcat", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2090", "CVE-2007-1860", "CVE-2007-3382", "CVE-2008-0128", "CVE-2007-3385", "CVE-2007-5641"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65440", "id": "OPENVAS:65440", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021793.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65440);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2005-2090\", \"CVE-2008-0128\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jakarta-tomcat-doc\", rpm:\"jakarta-tomcat-doc~5.0.19~29.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:57", "references": [], "pluginID": "136141256231065440", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "title": "SLES9: Security update for Tomcat", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2090", "CVE-2007-1860", "CVE-2007-3382", "CVE-2008-0128", "CVE-2007-3385", "CVE-2007-5641"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065440", "id": "OPENVAS:136141256231065440", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021793.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65440\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2005-2090\", \"CVE-2008-0128\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jakarta-tomcat-doc\", rpm:\"jakarta-tomcat-doc~5.0.19~29.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:19", "references": ["https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "2007-3456"], "pluginID": "861516", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for tomcat5 FEDORA-2007-3456", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1355", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385", "CVE-2007-1358"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861516", "id": "OPENVAS:861516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2007-3456\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html\");\n script_id(861516);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3456\");\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-1358\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2007-3456\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:38:26", "references": ["http://lists.mandriva.com/security-announce/2007-12/msg00009.php", "2007:241"], "pluginID": "1361412562310830069", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-0450", "CVE-2007-3385"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830069", "id": "OPENVAS:1361412562310830069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were found in Tomcat:\n\n A directory traversal vulnerability, when using certain proxy modules,\n allows a remote attacker to read arbitrary files via a .. (dot dot)\n sequence with various slash, backslash, or url-encoded backslash\n characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n \n Multiple cross-site scripting vulnerabilities in certain JSP files\n allow remote attackers to inject arbitrary web script or HTML\n (CVE-2007-2449).\n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450).\n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n \n Tomcat did not properly handle the " character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385).\n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386).\n \n Finally, an absolute path traversal vulnerability, under certain\n configurations, allows remote authenticated users to read arbitrary\n files via a WebDAV write request that specifies an entity with a\n SYSTEM tag (CVE-2007-5461).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830069\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:241\");\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_name( \"Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:59", "references": ["2007-3474", "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00545.html"], "pluginID": "861582", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for tomcat5 FEDORA-2007-3474", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1355", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385", "CVE-2007-1358"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861582", "id": "OPENVAS:861582", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2007-3474\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00545.html\");\n script_id(861582);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3474\");\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-1358\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2007-3474\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:00", "references": ["http://lists.mandriva.com/security-announce/2007-12/msg00009.php", "2007:241"], "pluginID": "830069", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-09T00:00:00", "title": "Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-0450", "CVE-2007-3385"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830069", "id": "OPENVAS:830069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were found in Tomcat:\n\n A directory traversal vulnerability, when using certain proxy modules,\n allows a remote attacker to read arbitrary files via a .. (dot dot)\n sequence with various slash, backslash, or url-encoded backslash\n characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n \n Multiple cross-site scripting vulnerabilities in certain JSP files\n allow remote attackers to inject arbitrary web script or HTML\n (CVE-2007-2449).\n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450).\n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n \n Tomcat did not properly handle the " character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385).\n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386).\n \n Finally, an absolute path traversal vulnerability, under certain\n configurations, allows remote authenticated users to read arbitrary\n files via a WebDAV write request that specifies an entity with a\n SYSTEM tag (CVE-2007-5461).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00009.php\");\n script_id(830069);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:241\");\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_name( \"Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:08", "references": ["2008-1467", "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"], "pluginID": "860524", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-16T00:00:00", "title": "Fedora Update for tomcat5 FEDORA-2008-1467", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-6286", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-0002"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860524", "id": "OPENVAS:860524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2008-1467\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html\");\n script_id(860524);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-1467\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-1358\", \"CVE-2008-0002\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2008-1467\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.26~1jpp.2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:46", "references": ["https://rhn.redhat.com/errata/RHSA-2007-0871.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jasper", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jasper-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jsp-2.0-api", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-servlet-2.4-api", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-server-lib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-webapps", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-webapps", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-common-lib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-server-lib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm", "packageName": "tomcat5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm", "packageName": "tomcat5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jasper-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-admin-webapps", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jasper", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-common-lib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-admin-webapps", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2007:0871\n\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\r\ntechnologies.\r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385).\r\n\r\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\r\nServlet. This allowed remote attackers to inject arbitrary HTML and web\r\nscript via crafted requests (CVE-2007-3386).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014257.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014258.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0871.html", "edition": 1, "reporter": "CentOS Project", "published": "2007-09-28T08:11:50", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "tomcat5 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2007-09-28T08:11:51", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/014257.html", "id": "CESA-2007:0871", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:16:25", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-September/000337.html"], "pluginID": "67564", "description": "From Red Hat Security Advisory 2007:0871 :\n\nUpdated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.", "edition": 7, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : tomcat (ELSA-2007-0871)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api"], "id": "ORACLELINUX_ELSA-2007-0871.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0871 and \n# Oracle Linux Security Advisory ELSA-2007-0871 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67564);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_bugtraq_id(25316);\n script_xref(name:\"RHSA\", value:\"2007:0871\");\n\n script_name(english:\"Oracle Linux 5 : tomcat (ELSA-2007-0871)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0871 :\n\nUpdated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000337.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:29", "references": ["https://access.redhat.com/security/cve/cve-2007-3386", "https://access.redhat.com/security/cve/cve-2007-3385", "https://access.redhat.com/security/cve/cve-2007-3382", "http://tomcat.apache.org/security-5.html", "https://access.redhat.com/errata/RHSA-2007:0871"], "pluginID": "26190", "description": "Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.", "edition": 9, "reporter": "Tenable", "published": "2007-09-26T00:00:00", "title": "RHEL 5 : tomcat (RHSA-2007:0871)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2018-11-16T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api"], "id": "REDHAT-RHSA-2007-0871.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=26190", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0871. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26190);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_bugtraq_id(25316);\n script_xref(name:\"RHSA\", value:\"2007:0871\");\n\n script_name(english:\"RHEL 5 : tomcat (RHSA-2007:0871)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0871\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0871\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:10:12", "references": ["http://www.nessus.org/u?ffe1d9a4", "http://www.nessus.org/u?bf8e66f1"], "pluginID": "43651", "description": "Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.", "edition": 9, "reporter": "Tenable", "published": "2010-01-06T00:00:00", "title": "CentOS 5 : tomcat (CESA-2007:0871)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-webapps", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-common-lib", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc"], "id": "CENTOS_RHSA-2007-0871.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43651", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0871 and \n# CentOS Errata and Security Advisory 2007:0871 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43651);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_bugtraq_id(25316);\n script_xref(name:\"RHSA\", value:\"2007:0871\");\n\n script_name(english:\"CentOS 5 : tomcat (CESA-2007:0871)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffe1d9a4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf8e66f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-3382", "https://www.debian.org/security/2008/dsa-1453", "https://security-tracker.debian.org/tracker/CVE-2007-3385", "https://security-tracker.debian.org/tracker/CVE-2007-5461"], "pluginID": "29872", "description": "Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-3382\n It was discovered that single quotes (') in cookies were\n treated as a delimiter, which could lead to an\n information leak.\n\n - CVE-2007-3385\n It was discovered that the character sequence \\' in\n cookies was handled incorrectly, which could lead to an\n information leak.\n\n - CVE-2007-5461\n It was discovered that the WebDAV servlet is vulnerable\n to absolute path traversal.", "edition": 9, "reporter": "Tenable", "published": "2008-01-08T00:00:00", "title": "Debian DSA-1453-1 : tomcat5 - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:tomcat5"], "id": "DEBIAN_DSA-1453.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1453. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29872);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5461\");\n script_xref(name:\"DSA\", value:\"1453\");\n\n script_name(english:\"Debian DSA-1453-1 : tomcat5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-3382\n It was discovered that single quotes (') in cookies were\n treated as a delimiter, which could lead to an\n information leak.\n\n - CVE-2007-3385\n It was discovered that the character sequence \\' in\n cookies was handled incorrectly, which could lead to an\n information leak.\n\n - CVE-2007-5461\n It was discovered that the WebDAV servlet is vulnerable\n to absolute path traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1453\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5 packages.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.30-12etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(22, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libtomcat5-java\", reference:\"5.0.30-12etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5\", reference:\"5.0.30-12etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5-admin\", reference:\"5.0.30-12etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5-webapps\", reference:\"5.0.30-12etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:11:27", "references": ["https://seclists.org/bugtraq/2007/Jun/182", "https://seclists.org/bugtraq/2007/Jun/180", "http://www.nessus.org/u?1a40289c"], "pluginID": "51059", "description": "According to its self-reported version number, the instance Apache\nTomcat running on the remote host is 5.0.x equal to or prior to 5.0.30\nor 5.5.x prior to 5.5.25. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An error exists in several JSP example files that allows\n script injection via URLs using the ';' character.\n (CVE-2007-2449)\n\n - The Manager and Host Manager applications do not\n properly sanitize the 'filename' parameter of the\n '/manager/html/upload' script, which can lead to cross-\n site scripting attacks. (CVE-2007-2450)\n\n - An error exists in the handling of cookie values\n containing single quotes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3382)\n\n - An error exists in the handling of cookie values\n containing backslashes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3385)\n\n - An error exists in the Host Manager application which\n allows script injection. (CVE-2007-3386)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 11, "reporter": "Tenable", "published": "2010-12-07T00:00:00", "title": "Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_25.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51059", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51059);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3385\",\n \"CVE-2007-3386\"\n );\n script_bugtraq_id(24475, 24476, 25314, 25316);\n script_xref(name:\"CERT\", value:\"993544\");\n script_xref(name:\"Secunia\", value:\"25678\");\n script_xref(name:\"Secunia\", value:\"26465\");\n script_xref(name:\"Secunia\", value:\"26466\");\n\n script_name(english:\"Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance Apache\nTomcat running on the remote host is 5.0.x equal to or prior to 5.0.30\nor 5.5.x prior to 5.5.25. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An error exists in several JSP example files that allows\n script injection via URLs using the ';' character.\n (CVE-2007-2449)\n\n - The Manager and Host Manager applications do not\n properly sanitize the 'filename' parameter of the\n '/manager/html/upload' script, which can lead to cross-\n site scripting attacks. (CVE-2007-2450)\n\n - An error exists in the handling of cookie values\n containing single quotes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3382)\n\n - An error exists in the handling of cookie values\n containing backslashes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3385)\n\n - An error exists in the Host Manager application which\n allows script injection. (CVE-2007-3386)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.25,_5.0.SVN\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a40289c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/182\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 5.5.25. Alternatively, use the latest\nSVN source for 5.0.x. The 5.0.x branch was fixed in SVN revision\nnumber 588821.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# nb: 5.0.30 was the last 5.0.x and thus all 5.0.x are vuln\ntomcat_check_version(fixed:\"5.5.25\", min:\"5.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^5(\\.5)?$\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-3382", "https://security-tracker.debian.org/tracker/CVE-2007-3386", "https://security-tracker.debian.org/tracker/CVE-2007-3385", "https://security-tracker.debian.org/tracker/CVE-2007-5342", "https://www.debian.org/security/2008/dsa-1447", "https://security-tracker.debian.org/tracker/CVE-2007-5461"], "pluginID": "29856", "description": "Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-3382\n It was discovered that single quotes (') in cookies were\n treated as a delimiter, which could lead to an\n information leak.\n\n - CVE-2007-3385\n It was discovered that the character sequence \\' in\n cookies was handled incorrectly, which could lead to an\n information leak.\n\n - CVE-2007-3386\n It was discovered that the host manager servlet\n performed insufficient input validation, which could\n lead to a cross-site scripting attack.\n\n - CVE-2007-5342\n It was discovered that the JULI logging component did\n not restrict its target path, resulting in potential\n denial of service through file overwrites.\n\n - CVE-2007-5461\n It was discovered that the WebDAV servlet is vulnerable\n to absolute path traversal.", "edition": 9, "reporter": "Tenable", "published": "2008-01-07T00:00:00", "title": "Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:tomcat5.5"], "id": "DEBIAN_DSA-1447.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29856", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1447. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29856);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5342\", \"CVE-2007-5461\");\n script_xref(name:\"DSA\", value:\"1447\");\n\n script_name(english:\"Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-3382\n It was discovered that single quotes (') in cookies were\n treated as a delimiter, which could lead to an\n information leak.\n\n - CVE-2007-3385\n It was discovered that the character sequence \\' in\n cookies was handled incorrectly, which could lead to an\n information leak.\n\n - CVE-2007-3386\n It was discovered that the host manager servlet\n performed insufficient input validation, which could\n lead to a cross-site scripting attack.\n\n - CVE-2007-5342\n It was discovered that the JULI logging component did\n not restrict its target path, resulting in potential\n denial of service through file overwrites.\n\n - CVE-2007-5461\n It was discovered that the WebDAV servlet is vulnerable\n to absolute path traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1447\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5.5 packages.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libtomcat5.5-java\", reference:\"5.5.20-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5\", reference:\"5.5.20-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5-admin\", reference:\"5.5.20-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5-webapps\", reference:\"5.5.20-2etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:40:34", "references": ["http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.14"], "pluginID": "121113", "description": "According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 6.0.14. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Cross-site scripting (XSS) vulnerabilities exists due \n to improper validation of user-supplied input before \n returning it to users. An unauthenticated, remote attacker \n can exploit this, by convincing a user to click a specially \n crafted URL, to execute arbitrary script code in a user's \n browser session. (CVE-2007-2449, CVE-2007-2450, \n CVE-2007-3386)\n\n - Session hijacking vulnerabilities exists in Tomcat due to \n incorrect handling of specific special characters in cookie\n values. In certain cases an attacker could leverage this\n to leak sensitive information, such as the session ID.\n (CVE-2007-3382, CVE-2007-3385)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 2, "reporter": "Tenable", "published": "2019-01-11T00:00:00", "title": "Apache Tomcat < 6.0.14 Multiple Vulnerabilities", "type": "nessus", "enchantments": {}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2019-01-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=121113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121113);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/01/11 15:28:43\");\n\n script_cve_id(\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3385\",\n \"CVE-2007-3386\"\n );\n\n script_name(english:\"Apache Tomcat < 6.0.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple \nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 6.0.14. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Cross-site scripting (XSS) vulnerabilities exists due \n to improper validation of user-supplied input before \n returning it to users. An unauthenticated, remote attacker \n can exploit this, by convincing a user to click a specially \n crafted URL, to execute arbitrary script code in a user's \n browser session. (CVE-2007-2449, CVE-2007-2450, \n CVE-2007-3386)\n\n - Session hijacking vulnerabilities exists in Tomcat due to \n incorrect handling of specific special characters in cookie\n values. In certain cases an attacker could leverage this\n to leak sensitive information, such as the session ID.\n (CVE-2007-3382, CVE-2007-3385)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.14\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 6.0.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-2449\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.14\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:09", "references": [], "pluginID": "31338", "description": "Fixed various issues in tomcat :\n\n - CVE-2007-3382: Handling of cookies containing a '\n character\n\n - CVE-2007-3385: Handling of \\' in cookies\n\n - CVE-2007-5641: tomcat path traversal / information leak\n\n - CVE-2007-1860: directory traversal\n\n - CVE-2007-3386: tomcat XSS \n\n - CVE-2007-5342: insufficient access restrictions\n\nAdditionally the dbcp namespace in commons-dbcp.jar was fixed.", "edition": 6, "reporter": "Tenable", "published": "2008-03-04T00:00:00", "title": "openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2007-1860", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385", "CVE-2007-5641"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api", "p-cpe:/a:novell:opensuse:tomcat55-common-lib", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc", "p-cpe:/a:novell:opensuse:apache2-mod_jk", "p-cpe:/a:novell:opensuse:tomcat55", "p-cpe:/a:novell:opensuse:tomcat55-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat55-webapps", "p-cpe:/a:novell:opensuse:tomcat55-server-lib", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-jasper"], "id": "SUSE_APACHE2-MOD_JK-4997.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31338", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_jk-4997.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31338);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5342\", \"CVE-2007-5641\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)\");\n script_summary(english:\"Check for the apache2-mod_jk-4997 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed various issues in tomcat :\n\n - CVE-2007-3382: Handling of cookies containing a '\n character\n\n - CVE-2007-3385: Handling of \\' in cookies\n\n - CVE-2007-5641: tomcat path traversal / information leak\n\n - CVE-2007-1860: directory traversal\n\n - CVE-2007-3386: tomcat XSS \n\n - CVE-2007-5342: insufficient access restrictions\n\nAdditionally the dbcp namespace in commons-dbcp.jar was fixed.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_jk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 79, 94, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_jk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-mod_jk-1.2.21-59.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-admin-webapps-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-common-lib-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-javadoc-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-javadoc-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-server-lib-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-javadoc-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-webapps-5.5.23-113.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_jk / tomcat55 / tomcat55-admin-webapps / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:25", "references": ["http://support.novell.com/security/cve/CVE-2008-0128.html", "http://support.novell.com/security/cve/CVE-2005-2090.html", "http://support.novell.com/security/cve/CVE-2007-3385.html", "http://support.novell.com/security/cve/CVE-2007-5641.html", "http://support.novell.com/security/cve/CVE-2007-3382.html", "http://support.novell.com/security/cve/CVE-2007-1860.html"], "pluginID": "41198", "description": "Fixed various issues in tomcat :\n\n - mod_jk directory traversal. (CVE-2007-1860)\n\n - Handling of cookies containing a ' character.\n (CVE-2007-3382)\n\n - Handling of a double-quote character in cookies.\n (CVE-2007-3385)\n\n - tomcat path traversal / information leak.\n (CVE-2007-5641)\n\n - tomcat HTTP Request Smuggling. (CVE-2005-2090)\n\n - tomcat https information disclosure. (CVE-2008-0128)", "edition": 5, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12078)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2090", "CVE-2007-1860", "CVE-2007-3382", "CVE-2008-0128", "CVE-2007-3385", "CVE-2007-5641"], "modified": "2016-12-21T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41198);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:21 $\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2008-0128\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed various issues in tomcat :\n\n - mod_jk directory traversal. (CVE-2007-1860)\n\n - Handling of cookies containing a ' character.\n (CVE-2007-3382)\n\n - Handling of a double-quote character in cookies.\n (CVE-2007-3385)\n\n - tomcat path traversal / information leak.\n (CVE-2007-5641)\n\n - tomcat HTTP Request Smuggling. (CVE-2005-2090)\n\n - tomcat https information disclosure. (CVE-2008-0128)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-2090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1860.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3382.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0128.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12078.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 94, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:10:42", "references": ["https://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded", "https://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded", "https://www.securityfocus.com/archive/1/archive/1/476444/100/0/threaded", "https://www.securityfocus.com/archive/1/archive/1/487822/100/0/threaded", "http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.37", "https://www.securityfocus.com/archive/1/archive/1/471357/100/0/threaded", "https://www.securityfocus.com/archive/1/archive/1/471351/100/0/threaded", "https://www.securityfocus.com/archive/1/archive/1/474413/100/0/threaded", "https://www.securityfocus.com/archive/1/archive/1/469067/100/0/threaded"], "pluginID": "47030", "description": "According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.37. It is,\ntherefore, affected by the following vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack if the deprecated AJP\n connector processes a client request having a non-zero\n Content-Length and the client disconnects before\n sending the request body. (CVE-2005-3164)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the JSP and Servlet\n examples are enabled. Several of these examples do\n not properly validate user input.\n (CVE-2007-1355, CVE-2007-2449)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the Manager web\n application is enabled as it fails to escape input\n data. (CVE-2007-2450)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. Apache Tomcat\n treats the single quote character in a cookie as a\n delimiter which can lead to information, such as session\n ID, to be disclosed. (CVE-2007-3382)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the SendMailServlet is\n enabled. The SendMailServlet is a part of the examples\n web application and, when reporting error messages,\n fails to escape user provided data. (CVE-2007-3383)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. The previous\n fix for CVE-2007-3385 was incomplete and did not account\n for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via the WebDAV servlet.\n Certain WebDAV requests, containing an entity with a\n SYSTEM tag, can result in the disclosure of arbitrary\n file contents. (CVE-2007-5461)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number..", "edition": 11, "reporter": "Tenable", "published": "2010-06-16T00:00:00", "title": "Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3383", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2005-3164", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_4_1_37.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47030);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\n \"CVE-2005-3164\",\n \"CVE-2007-1355\",\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3383\",\n \"CVE-2007-3385\",\n \"CVE-2007-5333\",\n \"CVE-2007-5461\"\n );\n script_bugtraq_id(\n 15003,\n 24058,\n 24475,\n 24476,\n 24999,\n 25316,\n 26070,\n 27706\n );\n script_xref(name:\"Secunia\", value:\"25678\");\n script_xref(name:\"Secunia\", value:\"26466\");\n script_xref(name:\"Secunia\", value:\"28878\");\n script_xref(name:\"Secunia\", value:\"27398\");\n\n script_name(english:\"Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.37. It is,\ntherefore, affected by the following vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack if the deprecated AJP\n connector processes a client request having a non-zero\n Content-Length and the client disconnects before\n sending the request body. (CVE-2005-3164)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the JSP and Servlet\n examples are enabled. Several of these examples do\n not properly validate user input.\n (CVE-2007-1355, CVE-2007-2449)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the Manager web\n application is enabled as it fails to escape input\n data. (CVE-2007-2450)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. Apache Tomcat\n treats the single quote character in a cookie as a\n delimiter which can lead to information, such as session\n ID, to be disclosed. (CVE-2007-3382)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the SendMailServlet is\n enabled. The SendMailServlet is a part of the examples\n web application and, when reporting error messages,\n fails to escape user provided data. (CVE-2007-3383)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. The previous\n fix for CVE-2007-3385 was incomplete and did not account\n for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via the WebDAV servlet.\n Certain WebDAV requests, containing an entity with a\n SYSTEM tag, can result in the disclosure of arbitrary\n file contents. (CVE-2007-5461)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number..\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.37\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/469067/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/471351/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/471357/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/474413/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/476444/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/487822/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 4.1.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"4.1.37\", min:\"4.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^4(\\.1)?$\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:12:59", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "5.0.30-12etch1", "arch": "all", "packageFilename": "libtomcat5-java_5.0.30-12etch1_all.deb", "packageName": "libtomcat5-java", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "5.0.30-12etch1", "arch": "all", "packageFilename": "tomcat5-admin_5.0.30-12etch1_all.deb", "packageName": "tomcat5-admin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "5.0.30-12etch1", "arch": "all", "packageFilename": "tomcat5-webapps_5.0.30-12etch1_all.deb", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "5.0.30-12etch1", "arch": "all", "packageFilename": "tomcat5_5.0.30-12etch1_all.deb", "packageName": "tomcat5", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1453-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 07, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : tomcat5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-3382 CVE-2007-3385 CVE-2007-5461\n\nSeveral remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3382\n\n It was discovered that single quotes (') in cookies were treated\n as a delimiter, which could lead to an information leak.\n\nCVE-2007-3385\n\n It was discovered that the character sequence \\" in cookies was\n handled incorrectly, which could lead to an information leak.\n\nCVE-2007-5461\n\n It was discovered that the WebDAV servlet is vulnerable to absolute\n path traversal.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.30-12etch1.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.\n\nThe unstable distribution (sid) no longer contains tomcat5.\n\nWe recommend that you upgrade your tomcat5 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30-12etch1.diff.gz\n Size/MD5 checksum: 30232 4d49cb48fcbd1ffde3e1ab59751ea567\n http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30-12etch1.dsc\n Size/MD5 checksum: 1343 986018050a2272e753d5ef8db7994524\n http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30.orig.tar.gz\n Size/MD5 checksum: 3594081 0bf81a5293246aa509a3bfa1afeb3920\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30-12etch1_all.deb\n Size/MD5 checksum: 45488 cb4b3ac3e28f621d70fa4a8098e8b1ac\n http://security.debian.org/pool/updates/main/t/tomcat5/libtomcat5-java_5.0.30-12etch1_all.deb\n Size/MD5 checksum: 3662182 f909205ef2d99e1343a2c54e06a40ba4\n http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5-admin_5.0.30-12etch1_all.deb\n Size/MD5 checksum: 402176 4811ece0563a742982ecd7ffe0cd44b1\n http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5-webapps_5.0.30-12etch1_all.deb\n Size/MD5 checksum: 1121936 14ed52052f9cc573fdf0648162370745\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2008-01-07T18:41:34", "title": "[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:12:59", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3382", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2008-01-07T18:41:34", "id": "DEBIAN:DSA-1453-1:B65B1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00011.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-16T22:13:26", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "5.5.20-2etch1", "arch": "all", "packageFilename": "tomcat5.5-webapps_5.5.20-2etch1_all.deb", "packageName": "tomcat5.5-webapps", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "5.5.20-2etch1", "arch": "all", "packageFilename": "tomcat5.5_5.5.20-2etch1_all.deb", "packageName": "tomcat5.5", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "5.5.20-2etch1", "arch": "all", "packageFilename": "libtomcat5.5-java_5.5.20-2etch1_all.deb", "packageName": "libtomcat5.5-java", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "5.5.20-2etch1", "arch": "all", "packageFilename": "tomcat5.5-admin_5.5.20-2etch1_all.deb", "packageName": "tomcat5.5-admin", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1447-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 03, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : tomcat5.5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461\n\nSeveral remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3382\n\n It was discovered that single quotes (') in cookies were treated\n as a delimiter, which could lead to an information leak.\n\nCVE-2007-3385\n\n It was discovered that the character sequence \\" in cookies was\n handled incorrectly, which could lead to an information leak.\n\nCVE-2007-3386\n \n It was discovered that the host manager servlet performed\n insufficient input validation, which could lead to cross-site\n scripting.\n\nCVE-2007-5342\n\n It was discovered that the JULI logging component did not restrict\n its target path, resulting in potential denial of service through\n file overwrites.\n\nCVE-2007-5461\n\n It was discovered that the WebDAV servlet is vulnerable to absolute\n path traversal.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch1.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your tomcat5.5 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz\n Size/MD5 checksum: 4796377 5775bae8fac16a0e3a2c913c4768bb37\n http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.dsc\n Size/MD5 checksum: 1277 c2193e917dd759a50b8481177bfcef39\n http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.diff.gz\n Size/MD5 checksum: 28422 6df1691cbea55b10e2d2d865b4b2983a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch1_all.deb\n Size/MD5 checksum: 2385530 5f6482d73f7507b5f2f050ea825ee800\n http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch1_all.deb\n Size/MD5 checksum: 1472296 4bc554684655794b1d82db2160d67bea\n http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1_all.deb\n Size/MD5 checksum: 56744 a1de64bb115d03c4d33c28065e0c793a\n http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch1_all.deb\n Size/MD5 checksum: 1162332 ab90aab000037913260361eec812c573\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2008-01-03T21:55:47", "title": "[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:26", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-5342", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2008-01-03T21:55:47", "id": "DEBIAN:DSA-1447-1:D5F9E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00004.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:03", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "src", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "src", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "x86_64", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5.x86_64.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.3.0.2.el5", "arch": "i386", "packageFilename": "tomcat5-5.5.23-0jpp.3.0.2.el5.i386.rpm", "packageName": "tomcat5", "operator": "lt"}], "description": " [5.5.23-0jpp.3.0.2]\n - Patch for CVE-2007-3382 and CVE-2007-3385\n Resolves: rhbz#254155\n \n [5.5.23-0jpp.3.0.1]\n - Patch for CVE-2007-3386\n Resolves: rhbz#254155 ", "edition": 3, "reporter": "Oracle", "published": "2007-09-26T00:00:00", "title": "Moderate: tomcat security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2007-09-26T00:00:00", "id": "ELSA-2007-0871", "href": "http://linux.oracle.com/errata/ELSA-2007-0871.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "atlassian": [{"lastseen": "2017-03-22T18:16:54", "references": [], "edition": 1, "description": "We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at:\r\n\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385", "reporter": "christopher.owen@atlassian.com", "published": "2008-01-15T04:23:59", "title": "Upgrade standalone Tomcat to 5.5.25", "type": "atlassian", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Confluence", "version": "2.7", "operator": "le"}, {"name": "Confluence", "version": "2.6.0", "operator": "le"}], "cvelist": ["CVE-2007-3382", "CVE-2008-2938", "CVE-2008-2370", "CVE-2007-3385"], "modified": "2017-02-17T05:10:26", "href": "https://jira.atlassian.com/browse/CONF-10445", "id": "ATLASSIAN:CONF-10445", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-02T06:17:24", "references": [], "edition": 1, "description": "We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at:\r\n\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385", "reporter": "christopher.owen@atlassian.com", "published": "2008-01-15T04:23:59", "type": "atlassian", "title": "Upgrade standalone Tomcat to 5.5.25", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Confluence Server", "version": "2.7", "operator": "le"}, {"name": "Confluence Server", "version": "2.6.0", "operator": "le"}], "cvelist": ["CVE-2007-3382", "CVE-2008-2938", "CVE-2008-2370", "CVE-2007-3385"], "modified": "2017-02-17T05:10:26", "href": "https://jira.atlassian.com/browse/CONFSERVER-10445", "id": "ATLASSIAN:CONFSERVER-10445", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
