ID 134ACAA2-51EF-11E2-8E34-0022156E8794 Type freebsd Reporter FreeBSD Modified 2017-03-18T00:00:00
Description
The Apache Software Foundation reports:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading the response an infinite loop
is entered leading to a denial of service.
{"cve": [{"lastseen": "2017-09-19T13:38:25", "bulletinFamily": "NVD", "description": "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.", "modified": "2017-09-18T21:35:23", "published": "2012-12-19T06:55:54", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4534", "id": "CVE-2012-4534", "title": "CVE-2012-4534", "type": "cve", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "description": "\r\n\r\nCVE-2012-4534 Apache Tomcat denial of service\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Tomcat 7.0.0 to 7.0.27\r\n- Tomcat 6.0.0 to 6.0.35\r\n\r\nDescription:\r\nWhen using the NIO connector with sendfile and HTTPS enabled, if a\r\nclient breaks the connection while reading the response an infinite loop\r\nis entered leading to a denial of service. This was originally reported\r\nas https://issues.apache.org/bugzilla/show_bug.cgi?id=52858.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- Tomcat 7.0.x users should upgrade to 7.0.28 or later\r\n- Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThe security implications of this bug were identified by Arun Neelicattu\r\nof the Red Hat Security Response Team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n", "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28802", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28802", "title": "CVE-2012-4534 Apache Tomcat denial of service", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "description": "Protection bypass, DoS.", "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:VULN:12747", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12747", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:15:13", "bulletinFamily": "scanner", "description": "The Apache Software Foundation reports :\n\nWhen using the NIO connector with sendfile and HTTPS enabled, if a\nclient breaks the connection while reading the response an infinite\nloop is entered leading to a denial of service.", "modified": "2018-11-10T00:00:00", "published": "2012-12-31T00:00:00", "id": "FREEBSD_PKG_134ACAA251EF11E28E340022156E8794.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63364", "title": "FreeBSD : tomcat -- denial of service (134acaa2-51ef-11e2-8e34-0022156e8794)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63364);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2012-4534\");\n\n script_name(english:\"FreeBSD : tomcat -- denial of service (134acaa2-51ef-11e2-8e34-0022156e8794)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache Software Foundation reports :\n\nWhen using the NIO connector with sendfile and HTTPS enabled, if a\nclient breaks the connection while reading the response an infinite\nloop is entered leading to a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-7.html\"\n );\n # https://vuxml.freebsd.org/freebsd/134acaa2-51ef-11e2-8e34-0022156e8794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d7b076b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>=6.0.0<=6.0.35\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7>=7.0.0<=7.0.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:18:47", "bulletinFamily": "scanner", "description": "- fix bnc#794548 - denial of service (CVE-2012-4534)\n\n - tomcat-CVE-2012-4534.patch fixes apache#53138,\n apache#52858\n http://svn.apache.org/viewvc?view=rev&rev=1340218", "modified": "2018-12-18T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-24.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74942", "title": "openSUSE Security Update : tomcat (openSUSE-SU-2013:0170-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-24.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74942);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2012-4534\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-SU-2013:0170-1)\");\n script_summary(english:\"Check for the openSUSE-2013-24 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix bnc#794548 - denial of service (CVE-2012-4534)\n\n - tomcat-CVE-2012-4534.patch fixes apache#53138,\n apache#52858\n http://svn.apache.org/viewvc?view=rev&rev=1340218\"\n );\n # http://svn.apache.org/viewvc?view=rev&rev=1340218\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1340218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-admin-webapps-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-docs-webapp-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-el-2_2-api-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-javadoc-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-jsp-2_2-api-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-jsvc-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-lib-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-servlet-3_0-api-7.0.27-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-webapps-7.0.27-2.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:05", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the instance of Apache\nTomcat 7.0 listening on the remote host is prior to 7.0.28. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows an attacker, via a crafted header, to cause a\n remote denial of service. (CVE-2012-2733)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "published": "2012-11-21T00:00:00", "id": "TOMCAT_7_0_28.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62985", "title": "Apache Tomcat 7.0.x < 7.0.28 Multiple DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62985);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-4534\");\n script_bugtraq_id(56402, 56813);\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.28 Multiple DoS\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple remote denial\nof service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0 listening on the remote host is prior to 7.0.28. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows an attacker, via a crafted header, to cause a\n remote denial of service. (CVE-2012-2733)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/72\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 7.0.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.28\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:18:47", "bulletinFamily": "scanner", "description": "- fix bnc#794548 - denial of service (CVE-2012-4534)\n\n - apache-tomcat-CVE-2012-4534.patch fixes apache#53138,\n apache#52858\n http://svn.apache.org/viewvc?view=rev&rev=1372035\n\n - fix a minor issue in apache-tomcat-CVE-2012-4431.patch\n use the already initialized session variable instead of\n an another call req.getSesssion()", "modified": "2018-12-18T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-23.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74938", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-23.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74938);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2012-4431\", \"CVE-2012-4534\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)\");\n script_summary(english:\"Check for the openSUSE-2013-23 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix bnc#794548 - denial of service (CVE-2012-4534)\n\n - apache-tomcat-CVE-2012-4534.patch fixes apache#53138,\n apache#52858\n http://svn.apache.org/viewvc?view=rev&rev=1372035\n\n - fix a minor issue in apache-tomcat-CVE-2012-4431.patch\n use the already initialized session variable instead of\n an another call req.getSesssion()\"\n );\n # http://svn.apache.org/viewvc?view=rev&rev=1372035\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1372035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-debuginfo-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-debugsource-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-devel-1.3.3-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-admin-webapps-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-docs-webapp-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-el-1_0-api-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-javadoc-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-jsp-2_1-api-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-lib-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-servlet-2_5-api-6.0.33-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-webapps-6.0.33-3.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtcnative-1-0 / libtcnative-1-0-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:03", "bulletinFamily": "scanner", "description": "The version of VMware vCenter installed on the remote host is 5.1 prior\nto update 1. It therefore is potentially affected by the following\nvulnerabilities :\n\n - When deployed in an environment that uses Active\n Directory with anonymous LDAP binding enabled, VMware\n vCenter doesn't properly handle login credentials.\n (CVE-2013-3107)\n\n - The bundled version of Oracle JRE is earlier than\n 1.6.0_37 and thus, is affected by multiple security\n issues.\n\n - The bundled version of Apache Tomcat is affected by\n multiple issues. (CVE-2012-2733, CVE-2012-4534)", "modified": "2018-11-15T00:00:00", "published": "2013-04-30T00:00:00", "id": "VMWARE_VCENTER_VMSA-2013-0006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66274", "title": "VMware Security Updates for vCenter Server (VMSA-2013-0006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66274);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-4534\", \"CVE-2013-3107\");\n script_bugtraq_id(56402, 56813, 59508);\n script_xref(name:\"VMSA\", value:\"2013-0006\");\n\n script_name(english:\"VMware Security Updates for vCenter Server (VMSA-2013-0006)\");\n script_summary(english:\"Checks version of VMware vCenter\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization management application installed\nthat is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter installed on the remote host is 5.1 prior\nto update 1. It therefore is potentially affected by the following\nvulnerabilities :\n\n - When deployed in an environment that uses Active\n Directory with anonymous LDAP binding enabled, VMware\n vCenter doesn't properly handle login credentials.\n (CVE-2013-3107)\n\n - The bundled version of Oracle JRE is earlier than\n 1.6.0_37 and thus, is affected by multiple security\n issues.\n\n - The bundled version of Apache Tomcat is affected by\n multiple issues. (CVE-2012-2733, CVE-2012-4534)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2013-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2013/000209.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0eb44d4\");\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VMware vCenter 5.1 update 1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/02\"); # CVE-2012-2733\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (version =~ '^VMware vCenter 5\\\\.0$')\n{\n build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\n # Make sure we extracted the build number correctly\n if (build =~ '^[0-9]+$')\n {\n if (int(build) < 1300600) fixversion = '5.0.0 build-1300600';\n }\n else exit(1, 'Failed to extract the build number from the release string.');\n}\nelse if (version =~ '^VMware vCenter 5\\\\.1$')\n{\n build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\n # Make sure we extracted the build number correctly\n if (build =~ '^[0-9]+$')\n {\n if (int(build) < 1064983) fixversion = '5.1.0 build-1064983';\n }\n else exit(1, 'Failed to extract the build number from the release string.');\n}\n\nif (fixversion)\n{\n if (report_verbosity > 0)\n {\n release = release - 'VMware vCenter Server ';\n report =\n '\\n Installed version : ' + release +\n '\\n Fixed version : ' + fixversion + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n release = release - 'VMware vCenter Server ';\n audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:18", "bulletinFamily": "scanner", "description": "It was discovered that Tomcat incorrectly performed certain security\nconstraint checks in the FORM authenticator. A remote attacker could\npossibly use this flaw with a specially crafted URI to bypass security\nconstraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu\n11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a\nsession identifier. A remote attacker could possibly use this flaw to\nbypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS\nwhen the NIO connector is used. A remote attacker could use this flaw\nto cause Tomcat to stop responsing, resulting in a denial of service.\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu\n12.04 LTS. (CVE-2012-4534).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-01-15T00:00:00", "id": "UBUNTU_USN-1685-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63535", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1685-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63535);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\");\n script_xref(name:\"USN\", value:\"1685-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly performed certain security\nconstraint checks in the FORM authenticator. A remote attacker could\npossibly use this flaw with a specially crafted URI to bypass security\nconstraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu\n11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a\nsession identifier. A remote attacker could possibly use this flaw to\nbypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS\nwhen the NIO connector is used. A remote attacker could use this flaw\nto cause Tomcat to stop responsing, resulting in a denial of service.\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu\n12.04 LTS. (CVE-2012-4534).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1685-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtomcat6-java and / or libtomcat7-java packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.32-5ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.30-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:15:52", "bulletinFamily": "scanner", "description": "It was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Scientific Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nTomcat must be restarted for this update to take effect.", "modified": "2018-12-31T00:00:00", "published": "2013-03-13T00:00:00", "id": "SL_20130311_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65243", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65243);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Scientific Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=3589\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84cdcb1a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:15:51", "bulletinFamily": "scanner", "description": "Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.", "modified": "2018-11-10T00:00:00", "published": "2013-03-12T00:00:00", "id": "REDHAT-RHSA-2013-0623.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65201", "title": "RHEL 6 : tomcat6 (RHSA-2013:0623)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0623. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65201);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56812, 56813);\n script_xref(name:\"RHSA\", value:\"2013:0623\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2013:0623)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5887\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0623\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:15:51", "bulletinFamily": "scanner", "description": "Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.", "modified": "2018-11-10T00:00:00", "published": "2013-03-13T00:00:00", "id": "CENTOS_RHSA-2013-0623.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65225", "title": "CentOS 6 : tomcat6 (CESA-2013:0623)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0623 and \n# CentOS Errata and Security Advisory 2013:0623 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65225);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56812, 56813);\n script_xref(name:\"RHSA\", value:\"2013:0623\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2013:0623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e545b75\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:53", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0623 :\n\nUpdated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.", "modified": "2018-07-26T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2013-0623.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68786", "title": "Oracle Linux 6 : tomcat6 (ELSA-2013-0623)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0623 and \n# Oracle Linux Security Advisory ELSA-2013-0623 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68786);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/26 13:32:43\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56812, 56813);\n script_xref(name:\"RHSA\", value:\"2013:0623\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2013-0623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0623 :\n\nUpdated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003351.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-25T10:48:41", "bulletinFamily": "scanner", "description": "VMware has updated vCenter Server to address multiple security\nvulnerabilities.", "modified": "2017-07-10T00:00:00", "published": "2014-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=103873", "id": "OPENVAS:103873", "title": "VMware Security Updates for vCenter Server (VMSA-2013-0006)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2013-0006.nasl 6637 2017-07-10 09:58:13Z teissa $\n#\n# VMware Security Updates for vCenter Server (VMSA-2013-0006)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"VMware has updated vCenter Server to address multiple security\nvulnerabilities.\";\n\ntag_solution = \"Apply the missing patch(es).\";\n\ntag_affected = \"vCenter Server 5.1 without Update 1\nvCenter Server 5.0 without Update 3 \";\n\ntag_vuldetect = \"Check the build number.\";\n\ntag_insight = \"vCenter Server AD anonymous LDAP binding credential by-pass\n\nvCenter Server when deployed in an environment that uses Active Directory (AD)\nwith anonymous LDAP binding enabled doesn't properly handle login credentials.\nIn this environment, authenticating to vCenter Server with a valid user name\nand a blank password may be successful even if a non-blank password is required\nfor the account.\n\nThe issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP\nbinding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by\nremoving the possibility to authenticate using blank passwords. This change in\nthe authentication mechanism is present regardless if anonymous binding is\nenabled or not.\n\nWorkaround\n\nThe workaround is to discontinue the use of AD anonymous LDAP binding if it is\nenabled in your environment. AD anonymous LDAP binding is not enabled by\ndefault. The TechNet article listed in the references section explains how to\ncheck for anonymous binding (look for 'anonymous binding' in the article:\nanonymous binding is enabled if the seventh bit of the dsHeuristics attribute\nis set to 2)\n\nOracle (Sun) JRE is updated to version 1.6.0_37, which addresses multiple\nsecurity issues that existed in earlier releases of Oracle (Sun) JRE.\";\n\nif (description)\n{\n script_id(103873);\n script_cve_id(\"CVE-2013-3107\",\"CVE-2012-2733\",\"CVE-2012-4534\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version (\"$Revision: 6637 $\");\n script_name(\"VMware Security Updates for vCenter Server (VMSA-2013-0006)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2013-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-09 12:04:01 +0100 (Thu, 09 Jan 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\",\"VMware_vCenter/build\");\n\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\"))exit(0);\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\"))exit(0);\n\nfixed_builds = make_array(\"5.0.0\",\"1300600\",\n \"5.1.0\",\"1064983\");\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n} \n\nexit(99);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:09:37", "bulletinFamily": "scanner", "description": "Check for the Version of tomcat7", "modified": "2018-01-25T00:00:00", "published": "2013-01-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841274", "id": "OPENVAS:841274", "title": "Ubuntu Update for tomcat7 USN-1685-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1685_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# Ubuntu Update for tomcat7 USN-1685-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly performed certain security\n constraint checks in the FORM authenticator. A remote attacker could\n possibly use this flaw with a specially-crafted URI to bypass security\n constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10\n and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\n It was discovered that Tomcat incorrectly handled requests that lack a\n session identifier. A remote attacker could possibly use this flaw to\n bypass the cross-site request forgery protection. (CVE-2012-4431)\n \n It was discovered that Tomcat incorrectly handled sendfile and HTTPS when\n the NIO connector is used. A remote attacker could use this flaw to cause\n Tomcat to stop responsing, resulting in a denial of service. This issue\n only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS.\n (CVE-2012-4534)\";\n\n\ntag_affected = \"tomcat7 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1685-1/\");\n script_id(841274);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:07:42 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1685-1\");\n script_name(\"Ubuntu Update for tomcat7 USN-1685-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.32-5ubuntu1.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.30-0ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-19T13:04:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-01-15T00:00:00", "id": "OPENVAS:1361412562310841274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841274", "title": "Ubuntu Update for tomcat7 USN-1685-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1685_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for tomcat7 USN-1685-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1685-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841274\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:07:42 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1685-1\");\n script_name(\"Ubuntu Update for tomcat7 USN-1685-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly performed certain security\n constraint checks in the FORM authenticator. A remote attacker could\n possibly use this flaw with a specially-crafted URI to bypass security\n constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10\n and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\n It was discovered that Tomcat incorrectly handled requests that lack a\n session identifier. A remote attacker could possibly use this flaw to\n bypass the cross-site request forgery protection. (CVE-2012-4431)\n\n It was discovered that Tomcat incorrectly handled sendfile and HTTPS when\n the NIO connector is used. A remote attacker could use this flaw to cause\n Tomcat to stop responding, resulting in a denial of service. This issue\n only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS.\n (CVE-2012-4534)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.32-5ubuntu1.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.30-0ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:36", "bulletinFamily": "scanner", "description": "VMware has updated vCenter Server to address multiple security\nvulnerabilities.", "modified": "2018-08-24T00:00:00", "published": "2014-01-09T00:00:00", "id": "OPENVAS:1361412562310103873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103873", "title": "VMware Security Updates for vCenter Server (VMSA-2013-0006)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2013-0006.nasl 11108 2018-08-24 14:27:07Z mmartin $\n#\n# VMware Security Updates for vCenter Server (VMSA-2013-0006)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103873\");\n script_cve_id(\"CVE-2013-3107\", \"CVE-2012-2733\", \"CVE-2012-4534\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 11108 $\");\n script_name(\"VMware Security Updates for vCenter Server (VMSA-2013-0006)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2013-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-24 16:27:07 +0200 (Fri, 24 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-09 12:04:01 +0100 (Thu, 09 Jan 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number.\");\n script_tag(name:\"insight\", value:\"vCenter Server AD anonymous LDAP binding credential by-pass\n\nvCenter Server when deployed in an environment that uses Active Directory (AD)\nwith anonymous LDAP binding enabled doesn't properly handle login credentials.\nIn this environment, authenticating to vCenter Server with a valid user name\nand a blank password may be successful even if a non-blank password is required\nfor the account.\n\nThe issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP\nbinding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by\nremoving the possibility to authenticate using blank passwords. This change in\nthe authentication mechanism is present regardless if anonymous binding is\nenabled or not.\n\nWorkaround\n\nThe workaround is to discontinue the use of AD anonymous LDAP binding if it is\nenabled in your environment. AD anonymous LDAP binding is not enabled by\ndefault. The TechNet article listed in the references section explains how to\ncheck for anonymous binding (look for 'anonymous binding' in the article:\nanonymous binding is enabled if the seventh bit of the dsHeuristics attribute\nis set to 2)\n\nOracle (Sun) JRE is updated to version 1.6.0_37, which addresses multiple\nsecurity issues that existed in earlier releases of Oracle (Sun) JRE.\");\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"VMware has updated vCenter Server to address multiple security\nvulnerabilities.\");\n script_tag(name:\"affected\", value:\"vCenter Server 5.1 without Update 1\nvCenter Server 5.0 without Update 3 \");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\"))exit(0);\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\"))exit(0);\n\nfixed_builds = make_array(\"5.0.0\",\"1300600\",\n \"5.1.0\",\"1064983\");\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:33", "bulletinFamily": "scanner", "description": "Check for the Version of tomcat", "modified": "2018-04-06T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:1361412562310864957", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864957", "title": "Fedora Update for tomcat FEDORA-2012-20151", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2012-20151\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\n\ntag_affected = \"tomcat on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864957\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:01:01 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3439\", \"CVE-2012-2733\", \"CVE-2012-4534\",\n \"CVE-2012-4431\", \"CVE-2012-3546\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-20151\");\n script_name(\"Fedora Update for tomcat FEDORA-2012-20151\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.33~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:15:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310870958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870958", "title": "RedHat Update for tomcat6 RHSA-2013:0623-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2013:0623-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00029.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870958\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:53:55 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2013:0623-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2013:0623-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending /j_security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n\n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-26T11:10:02", "bulletinFamily": "scanner", "description": "Check for the Version of tomcat6", "modified": "2018-01-25T00:00:00", "published": "2013-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870958", "id": "OPENVAS:870958", "title": "RedHat Update for tomcat6 RHSA-2013:0623-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2013:0623-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending /j_security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n\n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00029.html\");\n script_id(870958);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:53:55 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0623-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2013:0623-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-28T18:24:12", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-0623", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123666", "title": "Oracle Linux Local Check: ELSA-2013-0623", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0623.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123666\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0623\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0623 - tomcat6 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0623\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0623.html\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-22T13:09:36", "bulletinFamily": "scanner", "description": "Check for the Version of tomcat6", "modified": "2018-01-22T00:00:00", "published": "2013-03-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881689", "id": "OPENVAS:881689", "title": "CentOS Update for tomcat6 CESA-2013:0623 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2013:0623 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending _security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n \n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n \n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n \n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\");\n script_id(881689);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:52:48 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0623\");\n script_name(\"CentOS Update for tomcat6 CESA-2013:0623 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:57:31", "bulletinFamily": "scanner", "description": "Check for the Version of tomcat6", "modified": "2018-04-06T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:1361412562310881689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881689", "title": "CentOS Update for tomcat6 CESA-2013:0623 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2013:0623 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending _security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n \n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n \n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n \n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881689\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:52:48 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0623\");\n script_name(\"CentOS Update for tomcat6 CESA-2013:0623 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:20", "bulletinFamily": "unix", "description": "It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS when the NIO connector is used. A remote attacker could use this flaw to cause Tomcat to stop responsing, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4534)", "modified": "2013-01-14T00:00:00", "published": "2013-01-14T00:00:00", "id": "USN-1685-1", "href": "https://usn.ubuntu.com/1685-1/", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "thn": [{"lastseen": "2017-01-08T18:01:28", "bulletinFamily": "info", "description": " \n\n\nSome critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x .\n\n \n\n\n**Apache Tomcat vulnerabilities**\n\n * [CVE-2012-4534](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE535A.9000600@apache.org%3E>) Apache Tomcat denial of service\n * [CVE-2012-3546](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE5367.6090809@apache.org%3E>) Apache Tomcat Bypass of security constraints\n * [CVE-2012-4431](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE536F.6000705@apache.org%3E>) Apache Tomcat Bypass of CSRF prevention filter\n\n \n\n\n[](<http://4.bp.blogspot.com/-0qdwDlCWUCs/UL-H7JHOG1I/AAAAAAAAOhg/7BPoAXuqTh0/s1600/apache-tomcat-7.png>)\n\n \n\n\nAccording to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.\n\n \n\n\nCVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.\n\n \n\n\nWhereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.\n\n \n\n\nIf you are affected, Please update your Tomcat to a fixed version i.e \n\n * Tomcat 7.x: Update to version 7.0.32.\n * Tomcat 6.x: Update to version 6.0.36.\n", "modified": "2012-12-05T17:47:59", "published": "2012-12-05T06:45:00", "id": "THN:109F3CE2A5819B3E1345F63EBB346D6C", "href": "http://thehackernews.com/2012/12/apache-tomcat-multiple-critical.html", "type": "thn", "title": "Apache Tomcat Multiple Critical Vulnerabilities", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:32", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0623\n\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0623.html", "modified": "2013-03-12T05:31:44", "published": "2013-03-12T05:31:44", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019640.html", "id": "CESA-2013:0623", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:41", "bulletinFamily": "unix", "description": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:31", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0623", "href": "https://access.redhat.com/errata/RHSA-2013:0623", "type": "redhat", "title": "(RHSA-2013:0623) Important: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-06-06T23:50:12", "bulletinFamily": "unix", "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The Apache\nPortable Runtime (APR) connector from the Tomcat Native library was not\naffected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO connector\nenforced limits on the permitted size of request headers. A remote attacker\ncould use this flaw to trigger an OutOfMemoryError by sending a\nspecially-crafted request with very large headers. The HTTP NIO connector\nis used by default in JBoss Enterprise Web Server. The APR connector from\nthe Tomcat Native library was not affected by this flaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of JBoss Enterprise Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "modified": "2018-06-07T02:42:48", "published": "2013-02-20T01:28:50", "id": "RHSA-2013:0265", "href": "https://access.redhat.com/errata/RHSA-2013:0265", "type": "redhat", "title": "(RHSA-2013:0265) Moderate: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:41:44", "bulletinFamily": "unix", "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The Apache\nPortable Runtime (APR) connector from the Tomcat Native library was not\naffected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO connector\nenforced limits on the permitted size of request headers. A remote attacker\ncould use this flaw to trigger an OutOfMemoryError by sending a\nspecially-crafted request with very large headers. The HTTP NIO connector\nis used by default in JBoss Enterprise Web Server. The APR connector from\nthe Tomcat Native library was not affected by this flaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthese issues. Tomcat must be restarted for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2013-02-20T01:29:27", "id": "RHSA-2013:0266", "href": "https://access.redhat.com/errata/RHSA-2013:0266", "type": "redhat", "title": "(RHSA-2013:0266) Moderate: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:01", "bulletinFamily": "unix", "description": "[0:6.0.24-52]\n- Related: rhbz 882010 rhbz 883692 rhbz 883705\n- Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate\n- to avoid building on ppc64, ppc, and x390x.\n[0:6.0.24-50]\n- Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887\n- three DIGEST authentication issues\n- Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using\n- SSL NIO sendfile\n- Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints", "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "ELSA-2013-0623", "href": "http://linux.oracle.com/errata/ELSA-2013-0623.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "atlassian": [{"lastseen": "2018-08-31T02:43:11", "bulletinFamily": "software", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Cloud*. Using *Confluence Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "modified": "2017-04-02T08:19:29", "published": "2013-05-21T00:23:31", "id": "ATLASSIAN:CONFCLOUD-29345", "href": "https://jira.atlassian.com/browse/CONFCLOUD-29345", "title": "Upgrade bundled Tomcat to 6.0.37", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-02T10:17:25", "bulletinFamily": "software", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Server*. Using *Confluence Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "modified": "2017-04-02T08:19:27", "published": "2013-05-21T00:23:31", "href": "https://jira.atlassian.com/browse/CONFSERVER-29345", "id": "ATLASSIAN:CONFSERVER-29345", "type": "atlassian", "title": "Upgrade bundled Tomcat to 6.0.37", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-03-22T18:16:54", "bulletinFamily": "software", "description": "Customer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "modified": "2017-02-17T05:47:48", "published": "2013-05-21T00:23:31", "href": "https://jira.atlassian.com/browse/CONF-29345", "id": "ATLASSIAN:CONF-29345", "title": "Upgrade bundled Tomcat to 6.0.37", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:27", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2725-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3544 CVE-2013-2067\n\nTwo security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\n\n The input filter for chunked transfer encodings could trigger high \n resource consumption through malformed CRLF sequences, resulting in \n denial of service.\n\nCVE-2013-2067\n\n The FormAuthenticator module was vulnerable to session fixation.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for \nCVE-2012-2733,CVE-2012-3546,CVE-2012-4431, CVE-2012-4534,CVE-2012-5885,\nCVE-2012-5886 and CVE-2012-5887, which were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n\n\n", "modified": "2013-07-18T17:59:18", "published": "2013-07-18T17:59:18", "id": "DEBIAN:DSA-2725-1:3350C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00134.html", "title": "[SECURITY] [DSA 2725-1] tomcat6 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:30", "bulletinFamily": "unix", "description": "a. vCenter Server AD anonymous LDAP binding credential by-pass \n \nvCenter Server when deployed in an environment that uses Active Directory (AD) with anonymous LDAP binding enabled doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name and a blank password may be successful even if a non-blank password is required for the account. \nThe issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP binding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by removing the possibility to authenticate using blank passwords. This change in the authentication mechanism is present regardless if anonymous binding is enabled or not. \n**Workaround** \nThe workaround is to discontinue the use of AD anonymous LDAP binding if it is enabled in your environment. AD anonymous LDAP binding is not enabled by default. The TechNet article listed in the references section explains how to check for anonymous binding (look for \"anonymous binding\" in the article: anonymous binding is enabled if the seventh bit of the dsHeuristics attribute is set to 2) \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3107 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "modified": "2013-10-17T00:00:00", "published": "2013-04-25T00:00:00", "id": "VMSA-2013-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2013-0006.html", "title": "VMware security updates for vCenter Server", "type": "vmware", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.41\"\n \n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.56\"", "modified": "2016-03-20T00:00:00", "published": "2014-12-15T00:00:00", "id": "GLSA-201412-29", "href": "https://security.gentoo.org/glsa/201412-29", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
