{"id": "FEDORA:5D9FC21312", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 15 Update: tomcat6-6.0.32-8.fc15", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "published": "2011-10-20T09:58:03", "modified": "2011-10-20T09:58:03", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "lastseen": "2020-12-21T08:17:50", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2526", "CVE-2011-3190", "CVE-2011-2204"]}, {"type": "openvas", "idList": ["OPENVAS:831472", "OPENVAS:1361412562310831472", "OPENVAS:881445", "OPENVAS:1361412562310840803", "OPENVAS:870651", "OPENVAS:863594", "OPENVAS:840803", "OPENVAS:1361412562310863609", "OPENVAS:1361412562310870651", "OPENVAS:1361412562310863594"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12279", "SECURITYVULNS:DOC:27826", "SECURITYVULNS:DOC:26655", "SECURITYVULNS:VULN:11888", "SECURITYVULNS:VULN:11792", "SECURITYVULNS:DOC:26953"]}, {"type": "ubuntu", "idList": ["USN-1252-1"]}, {"type": "fedora", "idList": ["FEDORA:7A2FA214FF", "FEDORA:6956921120", "FEDORA:A413420F2D"]}, {"type": "nessus", "idList": ["SUSE_TOMCAT5-7689.NASL", "FEDORA_2011-13456.NASL", "SUSE_11_4_TOMCAT6-110815.NASL", "FEDORA_2011-13426.NASL", "SL_20111205_TOMCAT6_ON_SL6.NASL", "SUSE_TOMCAT5-7688.NASL", "UBUNTU_USN-1252-1.NASL", "MANDRIVA_MDVSA-2011-156.NASL", "FEDORA_2011-13457.NASL", "SUSE_11_3_TOMCAT6-110815.NASL"]}, {"type": "amazon", "idList": ["ALAS-2011-025"]}, {"type": "centos", "idList": ["CESA-2011:1845", "CESA-2011:1780"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0474", "ELSA-2011-1845", "ELSA-2011-1780"]}, {"type": "redhat", "idList": ["RHSA-2012:0681", "RHSA-2012:0074", "RHSA-2012:0682", "RHSA-2012:0075", "RHSA-2011:1780", "RHSA-2012:0680", "RHSA-2012:0679", "RHSA-2012:0076", "RHSA-2012:0041", "RHSA-2011:1845"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2401-1:5C59D"]}, {"type": "seebug", "idList": ["SSV:20737"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}], "modified": "2020-12-21T08:17:50", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-12-21T08:17:50", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "15", "arch": "any", "packageName": "tomcat6", "packageVersion": "6.0.32", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T05:51:05", "description": "Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.", "edition": 6, "cvss3": {}, "published": "2011-08-31T23:55:00", "title": "CVE-2011-3190", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3190"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2011-3190", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3190", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:03", "description": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.", "edition": 6, "cvss3": {}, "published": "2011-07-14T23:55:00", "title": "CVE-2011-2526", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2526"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2011-2526", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2526", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:02", "description": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.", "edition": 6, "cvss3": {}, "published": "2011-06-29T17:55:00", "title": "CVE-2011-2204", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2204"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2011-2204", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2204", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:1361412562310863594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863594", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2011-13456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2011-13456\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068468.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863594\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-13456\");\n script_cve_id(\"CVE-2011-3190\", \"CVE-2011-2204\", \"CVE-2011-2526\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2011-13456\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"tomcat6 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.32~8.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "description": "Check for the Version of tomcat6", "modified": "2017-07-10T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:863594", "href": "http://plugins.openvas.org/nasl.php?oid=863594", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2011-13456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2011-13456\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068468.html\");\n script_id(863594);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-13456\");\n script_cve_id(\"CVE-2011-3190\", \"CVE-2011-2204\", \"CVE-2011-2526\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2011-13456\");\n\n script_summary(\"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.32~8.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-09-23T15:14:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "The remote host is missing an update for the ", "modified": "2019-09-16T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870651", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:1780-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:1780-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870651\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:41:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1780-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:1780-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\n Red Hat would like to thank the Apache ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881445", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2011:1780 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2011:1780 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018356.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881445\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1780\");\n script_name(\"CentOS Update for tomcat6 CESA-2011:1780 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\n Red Hat would like to thank the Apache Tomcat project for reporting the\n CVE-2011-2526 issue.\n\n This update al ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:27:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1252-1", "modified": "2017-12-01T00:00:00", "published": "2011-11-11T00:00:00", "id": "OPENVAS:840803", "href": "http://plugins.openvas.org/nasl.php?oid=840803", "type": "openvas", "title": "Ubuntu Update for tomcat6 USN-1252-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1252_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for tomcat6 USN-1252-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly implemented HTTP DIGEST\n authentication. An attacker could use this flaw to perform a variety of\n authentication attacks. (CVE-2011-1184)\n\n Polina Genova discovered that Tomcat incorrectly created log entries with\n passwords when encountering errors during JMX user creation. A local\n attacker could possibly use this flaw to obtain sensitive information. This\n issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n \n It was discovered that Tomcat incorrectly validated certain request\n attributes when sendfile is enabled. A local attacker could bypass intended\n restrictions, or cause the JVM to crash, resulting in a denial of service.\n (CVE-2011-2526)\n \n It was discovered that Tomcat incorrectly handled certain AJP requests. A\n remote attacker could use this flaw to spoof requests, bypass\n authentication, and obtain sensitive information. This issue only affected\n Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1252-1\";\ntag_affected = \"tomcat6 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1252-1/\");\n script_id(840803);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:15 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1252-1\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Ubuntu Update for tomcat6 USN-1252-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-10ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "Check for the Version of tomcat6", "modified": "2017-12-29T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881445", "href": "http://plugins.openvas.org/nasl.php?oid=881445", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2011:1780 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2011:1780 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n \n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n \n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n \n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n \n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n \n Red Hat would like to thank the Apache Tomcat project for reporting the\n CVE-2011-2526 issue.\n \n This update al ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018356.html\");\n script_id(881445);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1780\");\n script_name(\"CentOS Update for tomcat6 CESA-2011:1780 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "Check for the Version of tomcat5", "modified": "2017-07-06T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:831472", "href": "http://plugins.openvas.org/nasl.php?oid=831472", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in tomcat\n 5.5.x:\n\n The implementation of HTTP DIGEST authentication in tomcat was\n discovered to have several weaknesses (CVE-2011-1184).\n \n Apache Tomcat, when the MemoryUserDatabase is used, creates log entries\n containing passwords upon encountering errors in JMX user creation,\n which allows local users to obtain sensitive information by reading\n a log file (CVE-2011-2204).\n \n Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP\n NIO connector, does not validate certain request attributes, which\n allows local users to bypass intended file access restrictions or\n cause a denial of service (infinite loop or JVM crash) by leveraging\n an untrusted web application (CVE-2011-2526).\n \n Certain AJP protocol connector implementations in Apache Tomcat allow\n remote attackers to spoof AJP requests, bypass authentication, and\n obtain sensitive information by causing the connector to interpret\n a request body as a new request (CVE-2011-3190).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00032.php\");\n script_id(831472);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:156\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "Check for the Version of tomcat6", "modified": "2017-12-27T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:870651", "href": "http://plugins.openvas.org/nasl.php?oid=870651", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:1780-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:1780-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\n Red Hat would like to thank the Apach ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00003.html\");\n script_id(870651);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:41:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1780-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:1780-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1252-1", "modified": "2019-03-13T00:00:00", "published": "2011-11-11T00:00:00", "id": "OPENVAS:1361412562310840803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840803", "type": "openvas", "title": "Ubuntu Update for tomcat6 USN-1252-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1252_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat6 USN-1252-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1252-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840803\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:15 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1252-1\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Ubuntu Update for tomcat6 USN-1252-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1252-1\");\n script_tag(name:\"affected\", value:\"tomcat6 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly implemented HTTP DIGEST\n authentication. An attacker could use this flaw to perform a variety of\n authentication attacks. (CVE-2011-1184)\n\n Polina Genova discovered that Tomcat incorrectly created log entries with\n passwords when encountering errors during JMX user creation. A local\n attacker could possibly use this flaw to obtain sensitive information. This\n issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n\n It was discovered that Tomcat incorrectly validated certain request\n attributes when sendfile is enabled. A local attacker could bypass intended\n restrictions, or cause the JVM to crash, resulting in a denial of service.\n (CVE-2011-2526)\n\n It was discovered that Tomcat incorrectly handled certain AJP requests. A\n remote attacker could use this flaw to spoof requests, bypass\n authentication, and obtain sensitive information. This issue only affected\n Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-10ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:1361412562310831472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831472", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00032.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831472\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:156\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"tomcat5 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in tomcat\n 5.5.x:\n\n The implementation of HTTP DIGEST authentication in tomcat was\n discovered to have several weaknesses (CVE-2011-1184).\n\n Apache Tomcat, when the MemoryUserDatabase is used, creates log entries\n containing passwords upon encountering errors in JMX user creation,\n which allows local users to obtain sensitive information by reading\n a log file (CVE-2011-2204).\n\n Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP\n NIO connector, does not validate certain request attributes, which\n allows local users to bypass intended file access restrictions or\n cause a denial of service (infinite loop or JVM crash) by leveraging\n an untrusted web application (CVE-2011-2526).\n\n Certain AJP protocol connector implementations in Apache Tomcat allow\n remote attackers to spoof AJP requests, bypass authentication, and\n obtain sensitive information by causing the connector to interpret\n a request body as a new request (CVE-2011-3190).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "description": "It was discovered that Tomcat incorrectly implemented HTTP DIGEST \nauthentication. An attacker could use this flaw to perform a variety of \nauthentication attacks. (CVE-2011-1184)\n\nPolina Genova discovered that Tomcat incorrectly created log entries with \npasswords when encountering errors during JMX user creation. A local \nattacker could possibly use this flaw to obtain sensitive information. This \nissue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n\nIt was discovered that Tomcat incorrectly validated certain request \nattributes when sendfile is enabled. A local attacker could bypass intended \nrestrictions, or cause the JVM to crash, resulting in a denial of service. \n(CVE-2011-2526)\n\nIt was discovered that Tomcat incorrectly handled certain AJP requests. A \nremote attacker could use this flaw to spoof requests, bypass \nauthentication, and obtain sensitive information. This issue only affected \nUbuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190)", "edition": 5, "modified": "2011-11-08T00:00:00", "published": "2011-11-08T00:00:00", "id": "USN-1252-1", "href": "https://ubuntu.com/security/notices/USN-1252-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-02-01T07:14:13", "description": "It was discovered that Tomcat incorrectly implemented HTTP DIGEST\nauthentication. An attacker could use this flaw to perform a variety\nof authentication attacks. (CVE-2011-1184)\n\nPolina Genova discovered that Tomcat incorrectly created log entries\nwith passwords when encountering errors during JMX user creation. A\nlocal attacker could possibly use this flaw to obtain sensitive\ninformation. This issue only affected Ubuntu 10.04 LTS, 10.10 and\n11.04. (CVE-2011-2204)\n\nIt was discovered that Tomcat incorrectly validated certain request\nattributes when sendfile is enabled. A local attacker could bypass\nintended restrictions, or cause the JVM to crash, resulting in a\ndenial of service. (CVE-2011-2526)\n\nIt was discovered that Tomcat incorrectly handled certain AJP\nrequests. A remote attacker could use this flaw to spoof requests,\nbypass authentication, and obtain sensitive information. This issue\nonly affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-11-09T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java"], "id": "UBUNTU_USN-1252-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1252-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56746);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"USN\", value:\"1252-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly implemented HTTP DIGEST\nauthentication. An attacker could use this flaw to perform a variety\nof authentication attacks. (CVE-2011-1184)\n\nPolina Genova discovered that Tomcat incorrectly created log entries\nwith passwords when encountering errors during JMX user creation. A\nlocal attacker could possibly use this flaw to obtain sensitive\ninformation. This issue only affected Ubuntu 10.04 LTS, 10.10 and\n11.04. (CVE-2011-2204)\n\nIt was discovered that Tomcat incorrectly validated certain request\nattributes when sendfile is enabled. A local attacker could bypass\nintended restrictions, or cause the JVM to crash, resulting in a\ndenial of service. (CVE-2011-2526)\n\nIt was discovered that Tomcat incorrectly handled certain AJP\nrequests. A remote attacker could use this flaw to spoof requests,\nbypass authentication, and obtain sensitive information. This issue\nonly affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1252-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtomcat6-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.32-5ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:46:11", "description": "Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the\nTomcat Native library, which provides support for using APR with\nTomcat. This library is not shipped with Scientific Linux 6. This\nupdate includes fixes for users who have elected to use APR with\nTomcat by taking the Tomcat Native library from a different product.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is\nnot vulnerable to this issue, is used by default in Scientific Linux\n6. (CVE-2011-2526)\n\nThis update also fixes the following bug :\n\n - Previously, in certain cases, if 'LANG=fr_FR' or\n 'LANG=fr_FR.UTF-8' was set as an environment variable or\n in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems,\n Tomcat may have failed to start correctly. With this\n update, Tomcat works as expected when LANG is set to\n 'fr_FR' or 'fr_FR.UTF-8'.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : tomcat6 on SL6.x", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111205_TOMCAT6_ON_SL6.NASL", "href": "https://www.tenable.com/plugins/nessus/61184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61184);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the\nTomcat Native library, which provides support for using APR with\nTomcat. This library is not shipped with Scientific Linux 6. This\nupdate includes fixes for users who have elected to use APR with\nTomcat by taking the Tomcat Native library from a different product.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is\nnot vulnerable to this issue, is used by default in Scientific Linux\n6. (CVE-2011-2526)\n\nThis update also fixes the following bug :\n\n - Previously, in certain cases, if 'LANG=fr_FR' or\n 'LANG=fr_FR.UTF-8' was set as an environment variable or\n in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems,\n Tomcat may have failed to start correctly. With this\n update, Tomcat works as expected when LANG is set to\n 'fr_FR' or 'fr_FR.UTF-8'.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=482\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ccd658c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-35.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:53:28", "description": "Multiple vulnerabilities has been discovered and corrected in tomcat\n5.5.x :\n\nThe implementation of HTTP DIGEST authentication in tomcat was\ndiscovered to have several weaknesses (CVE-2011-1184).\n\nApache Tomcat, when the MemoryUserDatabase is used, creates log\nentries containing passwords upon encountering errors in JMX user\ncreation, which allows local users to obtain sensitive information by\nreading a log file (CVE-2011-2204).\n\nApache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO\nconnector, does not validate certain request attributes, which allows\nlocal users to bypass intended file access restrictions or cause a\ndenial of service (infinite loop or JVM crash) by leveraging an\nuntrusted web application (CVE-2011-2526).\n\nCertain AJP protocol connector implementations in Apache Tomcat allow\nremote attackers to spoof AJP requests, bypass authentication, and\nobtain sensitive information by causing the connector to interpret a\nrequest body as a new request (CVE-2011-3190).\n\nThe updated packages have been patched to correct these issues.", "edition": 25, "published": "2011-10-19T00:00:00", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2011-10-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jasper"], "id": "MANDRIVA_MDVSA-2011-156.NASL", "href": "https://www.tenable.com/plugins/nessus/56551", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:156. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56551);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"MDVSA\", value:\"2011:156\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in tomcat\n5.5.x :\n\nThe implementation of HTTP DIGEST authentication in tomcat was\ndiscovered to have several weaknesses (CVE-2011-1184).\n\nApache Tomcat, when the MemoryUserDatabase is used, creates log\nentries containing passwords upon encountering errors in JMX user\ncreation, which allows local users to obtain sensitive information by\nreading a log file (CVE-2011-2204).\n\nApache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO\nconnector, does not validate certain request attributes, which allows\nlocal users to bypass intended file access restrictions or cause a\ndenial of service (infinite loop or JVM crash) by leveraging an\nuntrusted web application (CVE-2011-2526).\n\nCertain AJP protocol connector implementations in Apache Tomcat allow\nremote attackers to spoof AJP requests, bypass authentication, and\nobtain sensitive information by causing the connector to interpret a\nrequest body as a new request (CVE-2011-3190).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:14", "description": "Fix for CVE-2011-3190 This release is the first using a systemd unit\nfile. SystemV files are packaged separately. During this transition\nusers may experience this error: 'error reading information on service\ntomcat6: No such file or directory' The error occurs because there is\nno tomcat service to delete. It has been tested, is harmless, and can\nbe ignored.\n\nResolves: regression in /usr/sbin/tomcat6 (Additionally Created\nInstances of Tomcat are broken) Bug fix 669969 - dbcp configuration\nCVE-2011-2204 Added missing commons-pool to lib reverted eclipse osgi\nmanifests to the preceding version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-10-19T00:00:00", "title": "Fedora 16 : tomcat6-6.0.32-17.fc16 (2011-13426)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-3190"], "modified": "2011-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-13426.NASL", "href": "https://www.tenable.com/plugins/nessus/56537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13426.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56537);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2204\");\n script_bugtraq_id(48456, 49353);\n script_xref(name:\"FEDORA\", value:\"2011-13426\");\n\n script_name(english:\"Fedora 16 : tomcat6-6.0.32-17.fc16 (2011-13426)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2011-3190 This release is the first using a systemd unit\nfile. SystemV files are packaged separately. During this transition\nusers may experience this error: 'error reading information on service\ntomcat6: No such file or directory' The error occurs because there is\nno tomcat service to delete. It has been tested, is harmless, and can\nbe ignored.\n\nResolves: regression in /usr/sbin/tomcat6 (Additionally Created\nInstances of Tomcat are broken) Bug fix 669969 - dbcp configuration\nCVE-2011-2204 Added missing commons-pool to lib reverted eclipse osgi\nmanifests to the preceding version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717013\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068280.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e134a62c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"tomcat6-6.0.32-17.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:09:14", "description": "Fix for CVE-2011-3190 This release is the first using a systemd unit\nfile. SystemV files are packaged separately. During this transition\nusers may experience this error: 'error reading information on service\ntomcat6: No such file or directory' The error occurs because there is\nno tomcat service to delete. It has been tested, is harmless, and can\nbe ignored.\n\nResolves: regression in /usr/sbin/tomcat6 (Additionally Created\nInstances of Tomcat are broken) Bug fix 669969 - dbcp configuration\nCVE-2011-2204 Added missing commons-pool to lib reverted eclipse osgi\nmanifests to the preceding version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-10-21T00:00:00", "title": "Fedora 15 : tomcat6-6.0.32-8.fc15 (2011-13456)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-3190"], "modified": "2011-10-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-13456.NASL", "href": "https://www.tenable.com/plugins/nessus/56572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13456.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56572);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2204\");\n script_bugtraq_id(48456);\n script_xref(name:\"FEDORA\", value:\"2011-13456\");\n\n script_name(english:\"Fedora 15 : tomcat6-6.0.32-8.fc15 (2011-13456)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2011-3190 This release is the first using a systemd unit\nfile. SystemV files are packaged separately. During this transition\nusers may experience this error: 'error reading information on service\ntomcat6: No such file or directory' The error occurs because there is\nno tomcat service to delete. It has been tested, is harmless, and can\nbe ignored.\n\nResolves: regression in /usr/sbin/tomcat6 (Additionally Created\nInstances of Tomcat are broken) Bug fix 669969 - dbcp configuration\nCVE-2011-2204 Added missing commons-pool to lib reverted eclipse osgi\nmanifests to the preceding version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717013\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d2483e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"tomcat6-6.0.32-8.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T15:18:05", "description": "The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak.\n (CVE-2011-2204)\n\n - Fixed a tomcat information leak and DoS (CVE-2011-2526)", "edition": 21, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7689)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526"], "modified": "2011-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-7689.NASL", "href": "https://www.tenable.com/plugins/nessus/57255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57255);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2204\", \"CVE-2011-2526\");\n\n script_name(english:\"SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7689)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak.\n (CVE-2011-2204)\n\n - Fixed a tomcat information leak and DoS (CVE-2011-2526)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2204.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2526.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7689.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"tomcat5-5.5.27-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"tomcat5-admin-webapps-5.5.27-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"tomcat5-webapps-5.5.27-0.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:36:49", "description": "The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak\n (CVE-2011-2204)\n\n - Fixed atomcat information leak and DoS (CVE-2011-2526)\n\nAlso one bug was fixed :\n\n - fix bnc#702289 - suse manager pam ldap authentication\n fails\n\n - source CATALINA_HOME/bin/setenv.sh if exists", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_4_TOMCAT6-110815.NASL", "href": "https://www.tenable.com/plugins/nessus/76034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-5002.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76034);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2204\", \"CVE-2011-2526\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)\");\n script_summary(english:\"Check for the tomcat6-5002 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak\n (CVE-2011-2204)\n\n - Fixed atomcat information leak and DoS (CVE-2011-2526)\n\nAlso one bug was fixed :\n\n - fix bnc#702289 - suse manager pam ldap authentication\n fails\n\n - source CATALINA_HOME/bin/setenv.sh if exists\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-admin-webapps-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-docs-webapp-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-el-1_0-api-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-javadoc-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-jsp-2_1-api-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-lib-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-servlet-2_5-api-6.0.32-7.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-webapps-6.0.32-7.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:18:05", "description": "The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak.\n (CVE-2011-2204)\n\n - Fixed a tomcat information leak and DoS (CVE-2011-2526)", "edition": 21, "published": "2011-09-01T00:00:00", "title": "SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7688)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526"], "modified": "2011-09-01T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-7688.NASL", "href": "https://www.tenable.com/plugins/nessus/56035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56035);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2204\", \"CVE-2011-2526\");\n\n script_name(english:\"SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7688)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak.\n (CVE-2011-2204)\n\n - Fixed a tomcat information leak and DoS (CVE-2011-2526)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2204.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2526.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7688.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-5.5.27-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-admin-webapps-5.5.27-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-webapps-5.5.27-0.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:08:20", "description": "The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak\n (CVE-2011-2204)\n\n - Fixed atomcat information leak and DoS (CVE-2011-2526)\n\nAlso one bug was fixed :\n\n - fix bnc#702289 - suse manager pam ldap authentication\n fails\n\n - source CATALINA_HOME/bin/setenv.sh if exists", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_3_TOMCAT6-110815.NASL", "href": "https://www.tenable.com/plugins/nessus/75762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-5002.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75762);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2204\", \"CVE-2011-2526\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)\");\n script_summary(english:\"Check for the tomcat6-5002 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed in tomcat :\n\n - Fixed a tomcat user password information leak\n (CVE-2011-2204)\n\n - Fixed atomcat information leak and DoS (CVE-2011-2526)\n\nAlso one bug was fixed :\n\n - fix bnc#702289 - suse manager pam ldap authentication\n fails\n\n - source CATALINA_HOME/bin/setenv.sh if exists\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-admin-webapps-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-docs-webapp-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-el-1_0-api-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-javadoc-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-jsp-2_1-api-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-lib-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-servlet-2_5-api-6.0.24-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-webapps-6.0.24-5.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:14", "description": "Fixes for: CVE-2011-3190 - authentication bypass and information\ndisclosure CVE-2011-2526 - send file validation CVE-2011-2204 -\npassword disclosure vulnerability JAVA_HOME setting in tomcat6.conf\n\nCVE-2011-0534, CVE-2011-0013, CVE-2010-3718\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-10-21T00:00:00", "title": "Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718", "CVE-2011-3190"], "modified": "2011-10-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-13457.NASL", "href": "https://www.tenable.com/plugins/nessus/56573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13457.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56573);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_bugtraq_id(46164, 46174, 46177, 48456, 48667, 49353);\n script_xref(name:\"FEDORA\", value:\"2011-13457\");\n\n script_name(english:\"Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes for: CVE-2011-3190 - authentication bypass and information\ndisclosure CVE-2011-2526 - send file validation CVE-2011-2204 -\npassword disclosure vulnerability JAVA_HOME setting in tomcat6.conf\n\nCVE-2011-0534, CVE-2011-0013, CVE-2010-3718\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=675794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=701037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=721087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=738502\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068453.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bea915d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tomcat6-6.0.26-27.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2011-11-10T17:33:27", "published": "2011-11-10T17:33:27", "id": "FEDORA:7A2FA214FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-3190"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2011-10-19T04:35:58", "published": "2011-10-19T04:35:58", "id": "FEDORA:A413420F2D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: tomcat6-6.0.32-17.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2011-10-20T09:55:07", "published": "2011-10-20T09:55:07", "id": "FEDORA:6956921120", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: tomcat6-6.0.26-27.fc14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-3190"], "description": "CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Tomcat 7.0.0 to 7.0.20\r\n- Tomcat 6.0.0 to 6.0.33\r\n- Tomcat 5.5.0 to 5.5.33\r\n- Earlier, unsupported versions may also be affected\r\n\r\nDescription:\r\nApache Tomcat supports the AJP protocol which is used with reverse\r\nproxies to pass requests and associated data about the request from the\r\nreverse proxy to Tomcat. The AJP protocol is designed so that when a\r\nrequest includes a request body, an unsolicited AJP message is sent to\r\nTomcat that includes the first part &#40;or possibly all&#41; of the request\r\nbody. In certain circumstances, Tomcat did not process this message as a\r\nrequest body but as a new request. This permitted an attacker to have\r\nfull control over the AJP message which allowed an attacker to &#40;amongst\r\nother things&#41;:\r\n- insert the name of an authenticated user\r\n- insert any client IP address &#40;potentially bypassing any client IP\r\naddress filtering&#41;\r\n- trigger the mixing of responses between users\r\n\r\nThe following AJP connector implementations are not affected:\r\norg.apache.jk.server.JkCoyoteHandler &#40;5.5.x - default, 6.0.x - default&#41;\r\n\r\nThe following AJP connector implementations are affected:\r\n\r\norg.apache.coyote.ajp.AjpProtocol &#40;6.0.x, 7.0.x - default&#41;\r\norg.apache.coyote.ajp.AjpNioProtocol &#40;7.0.x&#41;\r\norg.apache.coyote.ajp.AjpAprProtocol &#40;5.5.x, 6.0.x, 7.0.x&#41;\r\n\r\nFurther, this issue only applies if all of the following are are true\r\nfor at least one resource:\r\n- POST requests are accepted\r\n- The request body is not processed\r\n\r\n\r\nExample: See https://issues.apache.org/bugzilla/show_bug.cgi?id=51698\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- Upgrade to a version of Apache Tomcat that includes a fix for this\r\nissue when available\r\n- Apply the appropriate patch\r\n - 7.0.x http://svn.apache.org/viewvc?rev=1162958&amp;view=rev\r\n - 6.0.x http://svn.apache.org/viewvc?rev=1162959&amp;view=rev\r\n - 5.5.x http://svn.apache.org/viewvc?rev=1162960&amp;view=rev\r\n- Configure the reverse proxy and Tomcat&#39;s AJP connector&#40;s&#41; to use the\r\nrequiredSecret attribute\r\n- Use the org.apache.jk.server.JkCoyoteHandler AJP connector &#40;not\r\navailable for Tomcat 7.0.x&#41;\r\n\r\nCredit:\r\nThe issue was reported via Apache Tomcat&#39;s public issue tracker.\r\nThe Apache Tomcat security team strongly discourages reporting of\r\nundisclosed vulnerabilities via public channels. All Apache Tomcat\r\nsecurity vulnerabilities should be reported to the private security team\r\nmailing list: security@tomcat.apache.org\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\nhttps://issues.apache.org/bugzilla/show_bug.cgi?id=51698\r\n", "edition": 1, "modified": "2011-08-30T00:00:00", "published": "2011-08-30T00:00:00", "id": "SECURITYVULNS:DOC:26953", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26953", "title": "[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2526"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2011-2526: Apache Tomcat Information disclosure and availability\r\n vulnerabilities\r\n\r\nSeverity: low\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 7.0.0 to 7.0.18\r\nTomcat 6.0.0 to 6.0.32\r\nTomcat 5.5.0 to 5.0.33\r\nPrevious, unsupported versions may be affected\r\nAdditionally, these vulnerabilities only occur when all of the following\r\nare true:\r\na&#41; untrusted web applications are being used\r\nb&#41; the SecurityManager is used to limit the untrusted web applications\r\nc&#41; the HTTP NIO or HTTP APR connector is used\r\nd&#41; sendfile is enabled for the connector &#40;this is the default&#41;\r\n\r\nDescription:\r\nTomcat provides support for sendfile with the HTTP NIO and HTTP APR\r\nconnectors. sendfile is used automatically for content served via the\r\nDefaultServlet and deployed web applications may use it directly via\r\nsetting request attributes. These request attributes were not validated.\r\nWhen running under a security manager, this lack of validation allowed a\r\nmalicious web application to do one or more of the following that would\r\nnormally be prevented by a security manager:\r\na&#41; return files to users that the security manager should make inaccessible\r\nb&#41; terminate &#40;via a crash&#41; the JVM\r\n\r\nMitigation:\r\nAffected users of all versions can mitigate these vulnerabilities by\r\ntaking any of the following actions:\r\na&#41; undeploy untrusted web applications\r\nb&#41; switch to the HTTP BIO connector &#40;which does not support sendfile&#41;\r\nc&#41; disable sendfile be setting useSendfile=&quot;false&quot; on the connector\r\nd&#41; apply the patch&#40;es&#41; listed on the Tomcat security pages &#40;see references&#41;\r\ne&#41; upgrade to a version where the vulnerabilities have been fixed\r\n Tomcat 7.0.x users may upgrade to 7.0.19 or later once released\r\n Tomcat 6.0.x users may upgrade to 6.0.33 or later once released\r\n Tomcat 5.5.x users may upgrade to 5.5.34 or later once released\r\n\r\nExample:\r\nExposing the first 1000 bytes of /etc/passwd\r\nHttpServletRequest.setAttribute&#40;\r\n &quot;org.apache.tomcat.sendfile.filename&quot;,&quot;/etc/passwd&quot;&#41;;\r\nHttpServletRequest.setAttribute&#40;\r\n &quot;org.apache.tomcat.sendfile.start&quot;,Long.valueOf&#40;0&#41;&#41;;\r\nHttpServletRequest.setAttribute&#40;\r\n &quot;org.apache.tomcat.sendfile.end&quot;,Long.valueOf&#40;1000&#41;&#41;;\r\nSpecifying a end point after the end of the file will trigger a JVM\r\ncrash with the HTTP APR connector and an infinite loop with the HTTP NIO\r\nconnector.\r\n\r\nCredit:\r\nThese issues were identified by the Tomcat security team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\n\r\nThe Apache Tomcat Security Team\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;MingW32&#41;\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJOHbrCAAoJEBDAHFovYFnnUZsQANIh02dK4r0cYCwsD59Xvg0R\r\ncCpx0MCzsrVBKU/fJ5nQtVTtZnOVfH2PnZBPFlYxQXpBCgIQh+ZIp9ntGdSNP0kH\r\ne7XgHaG6NipfIPusnQyH8yYmcfRl4BDnQdHyrl1JqApDtqnzPJ4Re9SVQC5VymJP\r\ni9DlvuV4atAdSCgOZzBb3+wMV0uoZqjXcUZrQEXCYBhtGFtOQM/JyMUa7iu5+FhI\r\nAuUchlHw3N+nZ+b4QeXGdFowHMTlJoj0gv5eMCEMVfiaoM5COcaQYBRQxkbNhkfN\r\n7zkcKKyDG2ARIJ7WB3Ncj7A4RfF2KY98q69px6RU2ho8umOycl32dw3wT1AtPWUx\r\n3TkTgkN4FXDprCLp1r/csbYO15GSoI0selWzKxmOOuMIIamQ36HreUInZzXohuOJ\r\nVSdR/LBekdfiLNkNtIwK7oeaZoYqPT14F15C+gkzw8a7ETzN6kyYwZz2+dnnWvxM\r\nlV5WhEksulVfrfro6OBFI4k4KVyCq/QYRUH2WfyaRyUhRB8of6tnweB46upzzoAU\r\n+YtyLPimURofJbcw4Ut4VBvjVJTdts3air32vCKxpfnjdn9Gd3GH3phjrsYzJHTl\r\nfg3RcqrmV9I0gxLn5oWIMx17gOGpFOgSwMyGgm/WEJLyiEV5suSPFVjMFq3znj+7\r\nzAlePYK10YSe5XiZ9g8F\r\n=MeHU\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2011-07-18T00:00:00", "published": "2011-07-18T00:00:00", "id": "SECURITYVULNS:DOC:26655", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26655", "title": "[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-3190"], "description": "A part of AJP message data may be processed as a new AJP message.", "edition": 1, "modified": "2011-08-30T00:00:00", "published": "2011-08-30T00:00:00", "id": "SECURITYVULNS:VULN:11888", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11888", "title": "Apache Tomcat information leakage and unauthorized access", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2526"], "description": "Some security limitations are not checked for sendfile&#40;&#41;.", "edition": 1, "modified": "2011-07-18T00:00:00", "published": "2011-07-18T00:00:00", "id": "SECURITYVULNS:VULN:11792", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11792", "title": "Apache Tomcat information leakage", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n -----------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2012-0005\r\nSynopsis: VMware vCenter Server, Orchestrator, Update Manager,\r\n vShield, vSphere Client, ESXi and ESX address\r\n several security issues\r\nIssue date: 2012-03-15\r\nUpdated on: 2012-03-15 &#40;initial advisory&#41;\r\n\r\nCVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510,\r\n CVE-2012-1512, CVE-2012-1513, CVE-2012-1514,\r\n CVE-2011-3190, CVE-2011-3375, CVE-2012-0022,\r\n CVE-2010-0405\r\n --- JRE ---\r\n See references\r\n -----------------------------------------------------------------------\r\n1. Summary\r\n\r\n VMware vCenter Server, Orchestrator, Update Manager, vShield,\r\n vSphere Client, ESXi and ESX address several security issues\r\n\r\n2. Relevant releases\r\n\r\n VMware vCenter Server 5.0\r\n\r\n VMware vSphere Client 5.0\r\n VMware vSphere Client 4.1 Update 1 and earlier\r\n\r\n VMware vCenter Orchestrator 4.2\r\n VMware vCenter Orchestrator 4.1 Update 1 and earlier\r\n VMware vCenter Orchestrator 4.0 Update 3 and earlier\r\n\r\n VMware vShield Manager 4.1 Update 1\r\n VMware vShield Manager 1.0 Update 1\r\n\r\n VMware Update Manager 5.0\r\n\r\n ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG\r\n ESXi 4.1 without patch ESXi410-201110202-UG\r\n ESXi 4.0 without patch ESXi400-201110402-BG\r\n\r\n ESX 4.1 without patch ESX410-201110201-SG\r\n ESX 4.0 without patch ESX400-201110401-SG\r\n\r\n3. Problem Description\r\n\r\n a. VMware Tools Display Driver Privilege Escalation\r\n\r\n The VMware XPDM and WDDM display drivers contain buffer overflow\r\n vulnerabilities and the XPDM display driver does not properly\r\n check for NULL pointers. Exploitation of these issues may lead\r\n to local privilege escalation on Windows-based Guest Operating\r\n Systems.\r\n\r\n VMware would like to thank Tarjei Mandt for reporting theses\r\n issues to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the names CVE-2012-1509 &#40;XPDM buffer overrun&#41;,\r\n CVE-2012-1510 &#40;WDDM buffer overrun&#41; and CVE-2012-1508 &#40;XPDM null\r\n pointer dereference&#41; to these issues.\r\n\r\n Note: CVE-2012-1509 doesn&#39;t affect ESXi and ESX.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product * Version on Apply Patch **\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n \r\n Workstation 8.x any not affected\r\n \r\n Player 4.x any not affected\r\n \r\n Fusion 4.x Mac OS/X not affected\r\n \r\n ESXi 5.0 ESXi ESXi500-201112402-BG\r\n ESXi 4.1 ESXi ESXi410-201110202-UG\r\n ESXi 4.0 ESXi ESXi400-201110402-BG\r\n ESXi 3.5 ESXi not affected\r\n \r\n ESX 4.1 ESX ESX410-201110201-SG\r\n ESX 4.0 ESX ESX400-201110401-SG\r\n ESX 3.5 ESX not affected\r\n\r\n * Remediation for VMware View is described in VMSA-2012-0004.\r\n\r\n ** Notes on updating VMware Guest Tools:\r\n\r\n After the update or patch is applied, VMware Guest Tools must\r\n be updated in any pre-existing Windows-based Guest Operating\r\n System. The XPDM and WDDM drivers are part of Tools.\r\n\r\n Windows-Based Virtual Machines that have moved to Workstation\r\n 8 or Player 4 from a lower version of Workstation or Player\r\n are affected unless:\r\n\r\n - They were moved from Workstation 7.1.5 or Player 3.1.5,\r\n\r\n AND\r\n\r\n - The Tools version was updated before the move.\r\n\r\n Windows-Based Virtual Machines that have moved to Fusion 4\r\n from a lower version of Fusion are affected.\r\n\r\n b. vSphere Client internal browser input validation vulnerability\r\n\r\n The vSphere Client has an internal browser that renders html\r\n pages from log file entries. This browser doesn&#39;t properly\r\n sanitize input and may run script that is introduced into the\r\n log files. In order for the script to run, the user would need\r\n to open an individual, malicious log file entry. The script\r\n would run with the permissions of the user that runs the vSphere\r\n Client.\r\n\r\n VMware would like to thank Edward Torkington for reporting this\r\n issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2012-1512 to this issue.\r\n\r\n In order to remediate the issue, the vSphere Client of the\r\n vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release\r\n needs to be installed. The vSphere Clients that come with\r\n vSphere 4.0 and vCenter Server 2.5 are not affected.\r\n\r\n c. vCenter Orchestrator Password Disclosure\r\n\r\n The vCenter Orchestrator &#40;vCO&#41; Web Configuration tool reflects\r\n back the vCenter Server password as part of the webpage. This\r\n might allow the logged-in vCO administrator to retrieve the\r\n vCenter Server password.\r\n\r\n VMware would like to thank Alexey Sintsov from Digital Security\r\n Research Group for reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2012-1513 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCO 4.2 Windows vCO 4.2 Update 1\r\n vCO 4.1 Windows vCO 4.1 Update 2\r\n vCO 4.0 Windows vCO 4.0 Update 4\r\n\r\n d. vShield Manager Cross-Site Request Forgery vulnerability\r\n\r\n The vShield Manager &#40;vSM&#41; interface has a Cross-Site Request\r\n Forgery vulnerability. If an attacker can convince an\r\n authenticated user to visit a malicious link, the attacker may\r\n force the victim to forward an authenticated request to the\r\n server.\r\n\r\n VMware would like to thank Frans Pehrson of Xxor AB\r\n &#40;www.xxor.se&#41; and Claudio Criscione for independently reporting\r\n this issue to us\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2012-1514 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vSM 5.0 Linux not affected\r\n vSM 4.1 Linux vSM 4.1.0 Update 2\r\n vSM 4.0 Linux vSM 1.0.1 Update 2\r\n\r\n e. vCenter Update Manager, Oracle &#40;Sun&#41; JRE update 1.6.0_30\r\n\r\n Oracle &#40;Sun&#41; JRE is updated to version 1.6.0_30, which addresses\r\n multiple security issues that existed in earlier releases of\r\n Oracle &#40;Sun&#41; JRE.\r\n\r\n Oracle has documented the CVE identifiers that are addressed in\r\n JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical\r\n Patch Update Advisory of October 2011. The References section\r\n provides a link to this advisory.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter 5. Windows patch pending\r\n vCenter 4.1 Windows patch pending\r\n vCenter 4.0 Windows not applicable **\r\n VirtualCenter 2.5 Windows not applicable **\r\n\r\n Update Manager 5.0 Windows Update Manager 5.0 Update 1\r\n Update Manager 4.1 Windows not applicable **\r\n Update Manager 4.0 Windows not applicable **\r\n\r\n hosted * any any not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX patch pending\r\n ESX 4.0 ESX not applicable **\r\n ESX 3.5 ESX not applicable **\r\n\r\n * hosted products are VMware Workstation, Player, ACE, Fusion.\r\n\r\n ** this product uses the Oracle &#40;Sun&#41; JRE 1.5.0 family\r\n\r\n f. vCenter Server Apache Tomcat update 6.0.35\r\n\r\n Apache Tomcat has been updated to version 6.0.35 to address\r\n multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the names CVE-2011-3190, CVE-2011-3375, and\r\n CVE-2012-0022 to these issues.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter 5.0 Windows vCenter 5.0 Update 1\r\n vCenter 4.1 Windows patch pending\r\n vCenter 4.0 Windows patch pending\r\n VirtualCenter 2.5 Windows not applicable **\r\n \r\n hosted * any any not affected\r\n \r\n ESXi any ESXi not applicable\r\n \r\n ESX 4.1 ESX patch pending\r\n ESX 4.0 ESX patch pending\r\n ESX 3.5 ESX not applicable **\r\n\r\n * hosted products are VMware Workstation, Player, ACE, Fusion.\r\n\r\n ** this product uses the Apache Tomcat 5.5 family\r\n\r\n g. ESXi update to third party component bzip2\r\n\r\n The bzip2 library is updated to version 1.0.6, which resolves a\r\n security issue.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2010-0405 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter any Windows not affected\r\n \r\n hosted * any any not affected\r\n \r\n ESXi 5.0 ESXi ESXi500-201203101-SG\r\n ESXi 4.1 ESXi not affected\r\n ESXi 4.0 ESXi not affected\r\n ESXi 3.5 ESXi not affected\r\n \r\n ESX any ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, ACE, Fusion.\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version\r\n and verify the checksum of your downloaded file.\r\n\r\n vCenter Server 5.0 Update 1\r\n ---------------------------\r\n\r\n The download for vCenter Server includes vSphere Update Manager,\r\n vSphere Client, and vCenter Orchestrator\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v\r\nsphere/5_0\r\n\r\n Release Notes:\r\n vSphere vCenter Server\r\n \r\nhttps://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html\r\n https://www.vmware.com/support/pubs/vum_pubs.html\r\n\r\n File: VMware-VIMSetup-all-5.0.0-639890.iso\r\n md5sum:f860ac4b618e2562ebffa2318446fa5b\r\n sha1sum:62830e3061b983e98944ae6d9d3b2e820cebe270\r\n\r\n File: VMware-VIMSetup-all-5.0.0-639890.zip\r\n md5sum:a8bdde277aeeffc382ec210acf510479\r\n sha1sum:0b675a47349fdc09104c62ad84bd302846213fc8\r\n\r\n vCenter Server 4.1 Update 2\r\n ---------------------------\r\n\r\n The download for vCenter Server includes vSphere Client and\r\n vCenter Orchestrator.\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v\r\nsphere/4_1\r\n\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\r\n\r\n File: VMware-VIMSetup-all-4.1.0-493063.iso\r\n md5sum: d132326846a85bfc9ebbc53defeee6e1\r\n sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541\r\n\r\n File: VMware-VIMSetup-all-4.1.0-493063.zip\r\n md5sum: 7fd7b09e501bd8fde52649b395491222\r\n sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1\r\n\r\n vCenter Server 4.0 Update 4\r\n ---------------------------\r\n\r\n The download for vCenter Server includes vCenter Orchestrator.\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v\r\nsphere/4_0\r\n\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html\r\n\r\n File: VMware-VIMSetup-all-4.0.0-502539.iso\r\n md5sum: b418ff3d394f91b418271b6b93dfd6bd\r\n sha1sum: 56c2ec60f8b8a734a8312d9e38d5d70cd20c0927\r\n\r\n File: VMware-VIMSetup-all-4.0.0-502539.zip\r\n md5sum: 2acfadde1ec0cd6d37063d87246d6942\r\n sha1sum: ea1f3a3cb178f23fc2cf49bfc1450d10e5f699f8\r\n\r\n vShield Manager 4.1.0 Update 2\r\n ------------------------------\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/details/vshield_endpoint10u3/ZHB3YnRAKndidHR3\r\nag==\r\n\r\n Release Notes:\r\n \r\nhttps://www.vmware.com/support/vshield/doc/releasenotes_vshield_410U2.html\r\n\r\n File: VMware-vShield-Manager-upgrade-bundle-4.1.0U2-576124.tar.gz\r\n md5sum:9a80fc347bc4a19ad0fd4c9fcb4ab475\r\n sha1sum:f5780c1615da0493d0955a1343876c4111d85203\r\n\r\n vShield Zones 1.0 Update 2\r\n --------------------------\r\n\r\n The download for VMware vShield Zones contains vShield Manager\r\n\r\n Download link:\r\n http://downloads.vmware.com/d/details/zones10u2/dHRAYndld2pidHclJQ==\r\n\r\n Release Notes\r\n https://www.vmware.com/support/vsz/doc/releasenotes_vsz_10U2.html\r\n\r\n File: VMware-vShieldZones-1.0U2-638154.exe\r\n md5sum:73515f4732c3a1ecc91ef21a504ca6d9\r\n sha1sum:ed4d858e1c05f54679ba99b739270c054efaf63e\r\n\r\n ESXi and ESX\r\n ------------\r\n\r\n Download link:\r\n http://downloads.vmware.com/go/selfsupport-download\r\n\r\n ESXi 5.0\r\n --------\r\n File: update-from-esxi5.0-5.0_update01\r\n md5sum: 55c25bd990e2881462bc5b66fb5f6c39\r\n sha1sum: ecd871bb09b649c6c8c13de82d579d4b7dcadc88\r\n http://kb.vmware.com/kb/2011432\r\n update-from-esxi5.0-5.0_update01 contains ESXi500-201203101-SG\r\n\r\n File: ESXi500-201112001\r\n md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10\r\n sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d\r\n http://kb.vmware.com/kb/2007672\r\n ESXi500-201112001 contains ESXi500-201112402-BG\r\n\r\n Note: subsequent ESXi releases are cumulative and\r\n ESXi500-201203101-SG includes the security fixes that are\r\n present in ESXi500-201112402-BG\r\n\r\n ESXi 4.1\r\n --------\r\n File: update-from-esxi4.1-4.1_update02\r\n md5sum: 57e34b500ce543d778f230da1d44e412\r\n sha1sum: 52f4378e2f1a29c908493182ccbde91d58b4112f\r\n http://kb.vmware.com/kb/2002341\r\n update-from-esxi4.1-4.1_update02 contains ESXi410-201110202-UG\r\n\r\n ESXi 4.0\r\n --------\r\n File: ESXi400-201110001\r\n md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3\r\n sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b\r\n http://kb.vmware.com/kb/1039199\r\n ESXi400-201110001 contains ESXi400-201110402-BG\r\n\r\n ESX 4.1\r\n -------\r\n File: update-from-esx4.1-4.1_update02\r\n md5sum: 96189a6de3797e28b153f89e01d5a15b\r\n sha1sum: b1823d39d0e4536a421fb933f02380bae7ee7a5d\r\n http://kb.vmware.com/kb/2002303\r\n update-from-esx4.1-4.1_update02 contains ESX410-201110201-SG\r\n\r\n ESX 4.0\r\n -------\r\n File: ESX400-201110001\r\n md5sum: 0ce9cc285ea5c27142c9fdf273443d78\r\n sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399\r\n http://kb.vmware.com/kb/1036392\r\n ESX400-201110001 contains ESX400-201110401-SG\r\n\r\n5. References\r\n\r\n Oracle Java SE Critical Patch Update Advisory of October 2011\r\n \r\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htm\r\nl\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1508\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1509\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1510\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1512\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1513\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1514\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405\r\n\r\n -----------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2012-03-15 VMSA-2012-0005\r\n \r\n Initial security advisory in conjunction with the release of\r\n vSphere 5.0 Update 1, Orchestrator 4.2 Update 1, Update Manager 5.0\r\n Update 1, vShield 1.0 Update 2, and ESXi and ESX 5.0 patches on\r\n 2012-03-15.\r\n\r\n -----------------------------------------------------------------------\r\n\r\n7. Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n \r\n This Security Advisory is posted to the following lists:\r\n \r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n \r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n \r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n \r\n VMware security response policy\r\n http://www.vmware.com/support/policies/security_response.html\r\n \r\n General support life cycle policy\r\n http://www.vmware.com/support/policies/eos.html\r\n \r\n VMware Infrastructure support life cycle policy\r\n http://www.vmware.com/support/policies/eos_vi.html\r\n \r\n Copyright 2012 VMware Inc. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 9.8.3 &#40;Build 4028&#41;\r\nCharset: utf-8\r\n\r\nwj8DBQFPY8IgDEcm8Vbi9kMRArL4AJ9S8Fmumd26d3UyRUjpwue4WBIIAwCfX5lO\r\nCZfePTwZlp9o+Bcf2/30Bjg=\r\n=g0FE\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-03-20T00:00:00", "published": "2012-03-20T00:00:00", "id": "SECURITYVULNS:DOC:27826", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27826", "title": "VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "description": "Privilege escalation, cross application scripting, information leakage, crossite scripting.", "edition": 1, "modified": "2012-03-20T00:00:00", "published": "2012-03-20T00:00:00", "id": "SECURITYVULNS:VULN:12279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12279", "title": "VMWare applications multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-1184", "CVE-2011-3190"], "description": "**Issue Overview:**\n\nCertain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. \n\nThe HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.\n\nApache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.\n\n \n**Affected Packages:** \n\n\ntomcat6\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat6-el-2.1-api-6.0.33-1.26.amzn1.noarch \n tomcat6-javadoc-6.0.33-1.26.amzn1.noarch \n tomcat6-lib-6.0.33-1.26.amzn1.noarch \n tomcat6-admin-webapps-6.0.33-1.26.amzn1.noarch \n tomcat6-servlet-2.5-api-6.0.33-1.26.amzn1.noarch \n tomcat6-6.0.33-1.26.amzn1.noarch \n tomcat6-jsp-2.1-api-6.0.33-1.26.amzn1.noarch \n tomcat6-webapps-6.0.33-1.26.amzn1.noarch \n tomcat6-docs-webapp-6.0.33-1.26.amzn1.noarch \n \n src: \n tomcat6-6.0.33-1.26.amzn1.src \n \n \n", "edition": 4, "modified": "2011-12-02T22:21:00", "published": "2011-12-02T22:21:00", "id": "ALAS-2011-025", "href": "https://alas.aws.amazon.com/ALAS-2011-25.html", "title": "Important: tomcat6", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064", "CVE-2011-3190"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1780\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the Tomcat\nNative library, which provides support for using APR with Tomcat. This\nlibrary is not shipped with Red Hat Enterprise Linux 6. This update\nincludes fixes for users who have elected to use APR with Tomcat by taking\nthe Tomcat Native library from a different product. Such a configuration is\nnot supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when\nusing the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\napplication running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP blocking IO (BIO) connector, which is not vulnerable to this\nissue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the\nCVE-2011-2526 issue.\n\nThis update also fixes the following bug:\n\n* Previously, in certain cases, if \"LANG=fr_FR\" or \"LANG=fr_FR.UTF-8\" was\nset as an environment variable or in \"/etc/sysconfig/tomcat6\" on 64-bit\nPowerPC systems, Tomcat may have failed to start correctly. With this\nupdate, Tomcat works as expected when LANG is set to \"fr_FR\" or\n\"fr_FR.UTF-8\". (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030394.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\n", "edition": 5, "modified": "2011-12-22T16:00:12", "published": "2011-12-22T16:00:12", "href": "http://lists.centos.org/pipermail/centos-announce/2011-December/030394.html", "id": "CESA-2011:1780", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-3718", "CVE-2011-5064"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1845\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. (CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. A malicious web\napplication could use this flaw to conduct an XSS attack, leading to\narbitrary web script execution with the privileges of victims who are\nlogged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030374.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030375.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1845.html", "edition": 5, "modified": "2011-12-20T19:18:57", "published": "2011-12-20T19:18:57", "href": "http://lists.centos.org/pipermail/centos-announce/2011-December/030374.html", "id": "CESA-2011:1845", "title": "tomcat5 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064", "CVE-2011-3190"], "description": "[0:6.0.24-35]\n- Resolves: cve-2011-3190\n- Resolves: cve-2011-2204\n- Resolves: cve-2011-2526\n- Resolves: cve-2011-1184\n- Resolves: rhbz 748807 - tomcat6 broken when LANG=fr", "edition": 4, "modified": "2011-12-05T00:00:00", "published": "2011-12-05T00:00:00", "id": "ELSA-2011-1780", "href": "http://linux.oracle.com/errata/ELSA-2011-1780.html", "title": "tomcat6 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-1184", "CVE-2011-3718"], "description": "[0:5.5.23-0jpp.31]\n- Resolves: CVE-2012 regression. Changed patch file.\n[0:5.5.23-0jpp.30]\n- Resolves: CVE-2012-0022, CVE-2011-4858\n[0:5.5.23-0jpp.27]\n- Resolves CVE-2011-0013 rhbz 675933\n- Resolves CVE-2011-3718 rhbz 675933\n[0:5.5.23-0jpp.23]\n- Resolves CVE-2011-1184 rhbz 744984\n- Resolves CVE-2011-2204 rhbz 719188", "edition": 4, "modified": "2012-04-11T00:00:00", "published": "2012-04-11T00:00:00", "id": "ELSA-2012-0474", "href": "http://linux.oracle.com/errata/ELSA-2012-0474.html", "title": "tomcat5 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-3718", "CVE-2011-5064"], "description": "[0:5.5.23-0jpp.22]\n- Resolves: CVE-2011-0013 rhbz 675931\n- Resolves: CVE-2010-3718 rhbz 675931\n- Resolves: CVE-2011-1184 rhbz 744983\n- Resolves: CVE-2011-2204 rhbz 719181", "edition": 4, "modified": "2011-12-20T00:00:00", "published": "2011-12-20T00:00:00", "id": "ELSA-2011-1845", "href": "http://linux.oracle.com/errata/ELSA-2011-1845.html", "title": "tomcat5 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-12-11T13:32:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the Tomcat\nNative library, which provides support for using APR with Tomcat. This\nlibrary is not shipped with Red Hat Enterprise Linux 6. This update\nincludes fixes for users who have elected to use APR with Tomcat by taking\nthe Tomcat Native library from a different product. Such a configuration is\nnot supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when\nusing the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\napplication running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP blocking IO (BIO) connector, which is not vulnerable to this\nissue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the\nCVE-2011-2526 issue.\n\nThis update also fixes the following bug:\n\n* Previously, in certain cases, if \"LANG=fr_FR\" or \"LANG=fr_FR.UTF-8\" was\nset as an environment variable or in \"/etc/sysconfig/tomcat6\" on 64-bit\nPowerPC systems, Tomcat may have failed to start correctly. With this\nupdate, Tomcat works as expected when LANG is set to \"fr_FR\" or\n\"fr_FR.UTF-8\". (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "modified": "2018-06-06T20:24:22", "published": "2011-12-05T05:00:00", "id": "RHSA-2011:1780", "href": "https://access.redhat.com/errata/RHSA-2011:1780", "type": "redhat", "title": "(RHSA-2011:1780) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues:\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for parameters\nand 128 for headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat use\nan excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP NIO connector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthese issues. Tomcat must be restarted for this update to take effect.\n", "modified": "2018-06-07T02:42:41", "published": "2012-05-21T04:00:00", "id": "RHSA-2012:0680", "href": "https://access.redhat.com/errata/RHSA-2012:0680", "type": "redhat", "title": "(RHSA-2012:0680) Moderate: tomcat5 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues:\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for parameters\nand 128 for headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat use\nan excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP NIO connector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "modified": "2019-02-20T17:33:40", "published": "2012-05-21T20:19:01", "id": "RHSA-2012:0679", "href": "https://access.redhat.com/errata/RHSA-2012:0679", "type": "redhat", "title": "(RHSA-2012:0679) Moderate: tomcat5 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "Apache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user's request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. A remote attacker could use this flaw to cause Tomcat to\nuse an excessive amount of CPU time by sending an HTTP request with a large\nnumber of parameters whose names map to the same hash value. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user's password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n", "modified": "2018-06-07T02:42:41", "published": "2012-05-21T04:00:00", "id": "RHSA-2012:0682", "href": "https://access.redhat.com/errata/RHSA-2012:0682", "type": "redhat", "title": "(RHSA-2012:0682) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "Apache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user's request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. A remote attacker could use this flaw to cause Tomcat to\nuse an excessive amount of CPU time by sending an HTTP request with a large\nnumber of parameters whose names map to the same hash value. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user's password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.", "modified": "2019-02-20T17:33:40", "published": "2012-05-21T20:31:40", "id": "RHSA-2012:0681", "href": "https://access.redhat.com/errata/RHSA-2012:0681", "type": "redhat", "title": "(RHSA-2012:0681) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "description": "JBoss Web Server is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment platform\nfor the JavaServer Pages (JSP) and Java Servlet technologies.\n\nMultiple flaws were found in the way JBoss Web Server handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web Server HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause JBoss Web Server to use an excessive amount of CPU time by sending an\nHTTP request with a large number of parameters whose names map to the same\nhash value. This update introduces a limit on the number of parameters and\nheaders processed per request to mitigate this issue. The default limit is\n512 for parameters and 128 for headers. These defaults can be changed by\nsetting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nA flaw was found in the way JBoss Web Server handled sendfile request\nattributes when using the HTTP APR (Apache Portable Runtime) or NIO\n(Non-Blocking I/O) connector. A malicious web application running on a\nJBoss Web Server instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM).\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided\nfrom the Red Hat Customer Portal are advised to install this update.", "modified": "2019-02-20T17:33:14", "published": "2012-01-19T22:20:26", "id": "RHSA-2012:0041", "href": "https://access.redhat.com/errata/RHSA-2012:0041", "type": "redhat", "title": "(RHSA-2012:0041) Moderate: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-11T13:30:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. (CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. A malicious web\napplication could use this flaw to conduct an XSS attack, leading to\narbitrary web script execution with the privileges of victims who are\nlogged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "modified": "2017-09-08T11:49:30", "published": "2011-12-20T05:00:00", "id": "RHSA-2011:1845", "href": "https://access.redhat.com/errata/RHSA-2011:1845", "type": "redhat", "title": "(RHSA-2011:1845) Moderate: tomcat5 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could use\nthis flaw to cause JBoss Web to use an excessive amount of CPU time by\nsending an HTTP request with a large number of parameters whose names map\nto the same hash value. This update introduces a limit on the number of\nparameters and headers processed per request to mitigate this issue. The\ndefault limit is 512 for parameters and 128 for headers. These defaults\ncan be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.\n", "modified": "2018-06-07T02:37:45", "published": "2012-01-31T05:00:00", "id": "RHSA-2012:0074", "href": "https://access.redhat.com/errata/RHSA-2012:0074", "type": "redhat", "title": "(RHSA-2012:0074) Important: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "JBoss Web is a web container based on Apache Tomcat. It provides a single\ndeployment platform for the JavaServer Pages (JSP) and Java Servlet\ntechnologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause JBoss Web to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters and\nheaders processed per request to mitigate this issue. The default limit is\n512 for parameters and 128 for headers. These defaults can be changed by\nsetting the \"-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x\" and\n\"-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x\" system properties\nas JAVA_OPTS entries in \"jboss-as-web/bin/run.conf\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"jboss-as-web/server/[PROFILE]/deploy/\" directory and any other\ncustomized configuration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. The JBoss server process must be restarted for this update to take\neffect.\n", "modified": "2018-06-07T02:39:14", "published": "2012-01-31T05:00:00", "id": "RHSA-2012:0076", "href": "https://access.redhat.com/errata/RHSA-2012:0076", "type": "redhat", "title": "(RHSA-2012:0076) Important: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could use\nthis flaw to cause JBoss Web to use an excessive amount of CPU time by\nsending an HTTP request with a large number of parameters whose names map\nto the same hash value. This update introduces a limit on the number of\nparameters and headers processed per request to mitigate this issue. The\ndefault limit is 512 for parameters and 128 for headers. These defaults\ncan be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", "modified": "2019-02-20T17:33:58", "published": "2012-02-01T03:54:32", "id": "RHSA-2012:0075", "href": "https://access.redhat.com/errata/RHSA-2012:0075", "type": "redhat", "title": "(RHSA-2012:0075) Important: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:29:44", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2401-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 \n CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 \n CVE-2011-5064 CVE-2012-0022 \n\nSeveral vulnerabilities have been found in Tomcat, a servlet and JSP \nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\n The HTTP Digest Access Authentication implementation performed\n insufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\n In rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n \n Missing input sanisiting in the HTTP APR or HTTP NIO connectors\n could lead to denial of service.\n\nCVE-2011-3190\n\n AJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\n Incorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\n This update adds countermeasures against a collision denial of \n service vulnerability in the Java hashtable implementation and\n addresses denial of service potentials when processing large\n amounts of requests.\n\nAdditional information can be \nfound at http://tomcat.apache.org/security-6.html \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 3, "modified": "2012-02-02T19:48:08", "published": "2012-02-02T19:48:08", "id": "DEBIAN:DSA-2401-1:5C59D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00025.html", "title": "[SECURITY] [DSA 2401-1] tomcat6 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:01:33", "description": "CVE ID: CVE-2011-2526\r\n\r\nTomcat\u662f\u7531Apache\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u4e0b\u5c5e\u7684Jakarta\u9879\u76ee\u5f00\u53d1\u7684\u4e00\u4e2aServlet\u5bb9\u5668\uff0c\u6309\u7167Sun Microsystems\u63d0\u4f9b\u7684\u6280\u672f\u89c4\u8303\uff0c\u5b9e\u73b0\u4e86\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\uff0c\u5e76\u63d0\u4f9b\u4e86\u4f5c\u4e3aWeb\u670d\u52a1\u5668\u7684\u4e00\u4e9b\u7279\u6709\u529f\u80fd\u3002\r\n\r\nApache Tomcat\u5728sendfile\u8bf7\u6c42\u7684\u5904\u7406\u4e0a\u5b58\u5728\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u548c\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n1\uff09\u5f53Apache Tomcat\u8fd0\u884c\u5728\u5b89\u5168\u7ba1\u7406\u5668\u4e0b\u65f6\u6ca1\u6709\u6b63\u786e\u9a8c\u8bc1sendfile\u8bf7\u6c42\u7684\u5c5e\u6027\uff0c\u53ef\u88ab\u6076\u610fWeb\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u7ed5\u8fc7\u76ee\u6807\u9650\u5236\u5e76\u6cc4\u9732\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n2\uff09\u6b64\u6f0f\u6d1e\u6e90\u4e8eApache Tomcat\u6ca1\u6709\u6b63\u786e\u5904\u7406\u5e26\u6709\u65e0\u6548\u8d77\u70b9\u548c\u7aef\u70b9\u7684sendfile\u8bf7\u6c42\uff0c\u53ef\u88ab\u5229\u7528\u4f7fJVM\u5d29\u6e83\u3002\n\nApache Group Tomcat 7.x\r\nApache Group Tomcat 6.x\r\nApache Group Tomcat 5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://jakarta.apache.org/tomcat/index.html", "published": "2011-07-17T00:00:00", "title": "Apache Tomcat sendfile\u8bf7\u6c42\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u548c\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2526"], "modified": "2011-07-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20737", "id": "SSV:20737", "sourceData": "", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "edition": 1, "modified": "2016-03-20T00:00:00", "published": "2012-06-24T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}