## Summary
There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a denial of service (CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763).
## Vulnerability Details
**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>)
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory.
CVSS Base Score: 5.300
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>)
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system.
CVSS Base Score: 4.300
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>)
**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base Score: 8.800
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>)
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>)
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information.
CVSS Base Score: 5.300
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>)
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system.
CVSS Base Score: 7.300
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [_CVE-2016-0763_](<https://vulners.com/cve/CVE-2016-0763>)
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data.
CVSS Base Score: 6.500
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110858>) for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
## Affected Products and Versions
FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1.
FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.
## Remediation/Fixes
| _MTMs_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ |
|---|---|---|---|
| **FlashSystem 840 MTM:** 9840-AE1 & 9843-AE1; **FlashSystem 900 MTMs:** 9840-AE2 & 9843-AE2 | _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream. Fixed code VRMF: 1.4 stream: 1.4.3.0 (or later); 1.3 stream: 1.3.0.6 (or later)_ | _N/A_ | _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ |

[**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>) and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>) are available @ IBM’s Fix Central
## Workarounds and Mitigations
None
##
{"id": "09C7AA50D5350164A6B5890E17B1CE089731F30FAD86454CBBDB041DA26CCED8", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900", "description": "## Summary\n\nThere are vulnerabilities in Apache Tomcat to which the IBM\u00ae FlashSystem\u2122 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a denial of service. ( CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763 )\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. 
\nCVSS Base Score: 4.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.800 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2016-0763_](<https://vulners.com/cve/CVE-2016-0763>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. 
By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.500 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110858>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nFlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1. \n \nFlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 & \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Fixed code VRMF .__ \n_1.4 stream: 1.4.3.0 (or later)_ \n_1.3 stream: 1.3.0.6 (or later)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n** \n**[**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2023-02-18T01:45:50", "modified": "2023-02-18T01:45:50", "epss": [{"cve": "CVE-2015-5174", "epss": 0.00178, "percentile": 0.54788, "modified": "2023-12-03"}, {"cve": "CVE-2015-5345", "epss": 
0.00301, "percentile": 0.6607, "modified": "2023-12-03"}, {"cve": "CVE-2015-5346", "epss": 0.00942, "percentile": 0.81271, "modified": "2023-12-03"}, {"cve": "CVE-2015-5351", "epss": 0.00358, "percentile": 0.6894, "modified": "2023-12-03"}, {"cve": "CVE-2016-0706", "epss": 0.00272, "percentile": 0.64345, "modified": "2023-12-02"}, {"cve": "CVE-2016-0714", "epss": 0.00726, "percentile": 0.78456, "modified": "2023-12-02"}, {"cve": "CVE-2016-0763", "epss": 0.00183, "percentile": 0.55366, "modified": "2023-12-02"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/695677", "reporter": "IBM", "references": [], "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "immutableFields": [], "lastseen": "2023-12-03T18:08:36", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-657", "ALAS-2016-658", "ALAS-2016-679", "ALAS-2016-680", "ALAS-2016-681"]}, {"type": "atlassian", "idList": 
["ATLASSIAN:JRA-59887", "ATLASSIAN:JRASERVER-59887", "JRASERVER-59887"]}, {"type": "centos", "idList": ["CESA-2016:2045", "CESA-2016:2046", "CESA-2016:2599"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1DFE9585B9C1AAABE38F2402F4352EFD"]}, {"type": "cve", "idList": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"]}, {"type": "debian", "idList": ["DEBIAN:DLA-435-1:50A71", "DEBIAN:DLA-753-1:4DD3E", "DEBIAN:DLA-753-1:C31B7", "DEBIAN:DSA-3530-1:6A530", "DEBIAN:DSA-3552-1:E23CF", "DEBIAN:DSA-3609-1:174EB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-5174", "DEBIANCVE:CVE-2015-5345", "DEBIANCVE:CVE-2015-5346", "DEBIANCVE:CVE-2015-5351", "DEBIANCVE:CVE-2016-0706", "DEBIANCVE:CVE-2016-0714", "DEBIANCVE:CVE-2016-0763"]}, {"type": "f5", "idList": ["F5:K18174924", "F5:K30971148", "F5:K34341852", "F5:K51025324", "F5:K58084500", "SOL30971148", "SOL51025324"]}, {"type": "fedora", "idList": ["FEDORA:F16536062BDB"]}, {"type": "freebsd", "idList": ["1F1124FE-DE5C-11E5-8FA8-14DAE9D210B8", "7BBC3016-DE63-11E5-8FA8-14DAE9D210B8"]}, {"type": "gentoo", "idList": ["GLSA-201705-09"]}, {"type": "github", "idList": ["GHSA-6QR6-X7JM-X2Q6", "GHSA-6VX3-HR43-CFRH", "GHSA-9HJV-9H75-XMPP", "GHSA-JRCP-C39H-R29X", "GHSA-MV42-PX54-87JW", "GHSA-RH8Q-VJGF-GF74"]}, {"type": "ibm", "idList": ["0AEC3ABCCFB562437ED4141670F5C7C6E096FEFB11D3045A28046C82B784AD9E", "0F6ED8E3AD312A2820734C8AC75D060FFB6A4BA5AE6F0B7098A31B3452BB6CFC", "105120949BC0CCA8DE1379F674E81CE40B9C51F2D99DA4E967FBCAA179E0FFEA", "251C2E34C8D2D4B522AEE3B0D39CBA66F987EC06CBC6FA34ECDC2C96D56F88B7", "2A357BC736E420699B8E644429FE72F50245305B75D003CF1E53D2C5C88D84C7", "2E59BE13E238E4D97B33892C0BB456D62A5C6913F756D4D34620554D57DB715F", "31CA1967B4ACE475D690E3AA47AC787E52202679AD6B8EBD9D86B9FE71F5E2D3", "3E0B580256B0433652E3021D4DBF6524952CC4EF609514C4BA279042857CC111", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", 
"46FE088816BBFEE72216A2D1696268656632FBC221AF416D29C97A319ABF449D", "4CBBE668D09F499CE01B6D51C7657C257DE80683B0A9566FEF039F3B8AD66AAB", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "70637707AD35FFD7CA24C460E8B9C97FF5600A40305CB32EDECFB2C1C9A98F05", "79F48BEE0E5A2E069BD89DB00CEE2085DF9E0E6BE97901C5D6431550085B5EE6", "858C7CB29A95643000EADA0C1DB3FB5D46EEA8B81788EBA2B778EE7CBE075776", "88CA1A3D2F08416DE8999442085C1CD03030FFCDC9FB134CD449DEB7C5DB7536", "8A58A1DA760D7C9AA9496CCEB8F8DD3ECEA3B210C20F1C397D073382709059F3", "91FD6D04ED1E07D418A657F1210391A3C11E4D7E7EF42869A4D979B60B621098", "92D5F309D36E545930CDE46C5D5E562F5AA2FB4D716A92191A214ED61A68FB2B", "935BBE24737E52E53E9E3276AF57AD4035B2612D5C231971408DE1225A3AD2B0", "A68DFAAF23CD5A74809081B6CA6975B0FEDB431E36E31131D0ABF0CA07FC9DFE", "ACDFEAA7AF640374CE7D6BF67721314A280E868DB9395ED18AF53CF9F81EAE8C", "AD181883987A105E6A1E2ADDC4FD3E2991D4F349D55691E0738355588F063760", "AE2001E70A6A1D08A7A052F29EBCC43DFABEDE2E451FC6D7A5C896659F9A82F9", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B6C593CFA8F4C1195B7D65B41828D25967C1BADAD2B07C2F63837A7BFA7E189E", "C0F8A4FDB16B6060757282B298924E8005EF0D1B30BB3472B793362E6109A282", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "C4CCB581E9554A8FC81404481350AD55F2B3AFAFAEDE521E7CBB6249AE97DBA8", "CE820FD4621D83AF3E51CFD93CBDEF291F0771A4EE878E6401156E6ED47270AB", "CFF78161323725A8FD12DF13E41FC085C16BC5DB4DD0560B538661E5E827574B", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "DD576034FC94E29158076BADB8AE6D09C8EFA857F3B53F052CBBFE9FFCF9F266", "E718C72F3753D3991081A7D39539F43A8C97C8A42E3C0228988F94034FC70A1C", "ED3133A0CA81E96794720CCDE610BF73EE2EECB2B0FFB9A5C514F344E863D936", "F8AD49D8A73BB530C15AF495227B6C3747AE0CF3ACDA4A23CB12ECAB9ECF5B62"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "mageia", "idList": ["MGASA-2016-0090"]}, {"type": "nessus", 
"idList": ["700699.PASL", "9313.PRM", "9315.PRM", "9316.PASL", "ALA_ALAS-2016-657.NASL", "ALA_ALAS-2016-658.NASL", "ALA_ALAS-2016-679.NASL", "ALA_ALAS-2016-680.NASL", "ALA_ALAS-2016-681.NASL", "CENTOS_RHSA-2016-2045.NASL", "CENTOS_RHSA-2016-2046.NASL", "CENTOS_RHSA-2016-2599.NASL", "DEBIAN_DLA-435.NASL", "DEBIAN_DLA-753.NASL", "DEBIAN_DSA-3530.NASL", "DEBIAN_DSA-3552.NASL", "DEBIAN_DSA-3609.NASL", "EULEROS_SA-2016-1049.NASL", "EULEROS_SA-2016-1054.NASL", "F5_BIGIP_SOL18174924.NASL", "F5_BIGIP_SOL30971148.NASL", "F5_BIGIP_SOL34341852.NASL", "F5_BIGIP_SOL58084500.NASL", "FEDORA_2016-E6651EFBAF.NASL", "FREEBSD_PKG_1F1124FEDE5C11E58FA814DAE9D210B8.NASL", "FREEBSD_PKG_7BBC3016DE6311E58FA814DAE9D210B8.NASL", "GENTOO_GLSA-201705-09.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_5_7958.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL", "OPENSUSE-2016-384.NASL", "ORACLELINUX_ELSA-2016-2045.NASL", "ORACLELINUX_ELSA-2016-2046.NASL", "ORACLELINUX_ELSA-2016-2599.NASL", "ORACLE_WEBCENTER_SITES_APR_2017_CPU.NASL", "REDHAT-RHSA-2015-2659.NASL", "REDHAT-RHSA-2015-2660.NASL", "REDHAT-RHSA-2016-1087.NASL", "REDHAT-RHSA-2016-1088.NASL", "REDHAT-RHSA-2016-1432.NASL", "REDHAT-RHSA-2016-1433.NASL", "REDHAT-RHSA-2016-1434.NASL", "REDHAT-RHSA-2016-2045.NASL", "REDHAT-RHSA-2016-2046.NASL", "REDHAT-RHSA-2016-2599.NASL", "REDHAT-RHSA-2016-2807.NASL", "SL_20161010_TOMCAT6_ON_SL6_X.NASL", "SL_20161010_TOMCAT_ON_SL7_X.NASL", "SL_20161103_TOMCAT_ON_SL7_X.NASL", "TOMCAT_6_0_45.NASL", "TOMCAT_7_0_65.NASL", "TOMCAT_7_0_67.NASL", "TOMCAT_7_0_68.NASL", "TOMCAT_8_0_30.NASL", "TOMCAT_8_0_32.NASL", "TOMCAT_9_0_0_M3.NASL", "TOMCAT_XSRF_TOKEN_DISCLOSURE.NASL", "UBUNTU_USN-3024-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120647", "OPENVAS:1361412562310120648", "OPENVAS:1361412562310120669", "OPENVAS:1361412562310120670", "OPENVAS:1361412562310120671", "OPENVAS:1361412562310131247", "OPENVAS:1361412562310703530", "OPENVAS:1361412562310703552", 
"OPENVAS:1361412562310703609", "OPENVAS:1361412562310807404", "OPENVAS:1361412562310807405", "OPENVAS:1361412562310807406", "OPENVAS:1361412562310807407", "OPENVAS:1361412562310807408", "OPENVAS:1361412562310807409", "OPENVAS:1361412562310807410", "OPENVAS:1361412562310807411", "OPENVAS:1361412562310807412", "OPENVAS:1361412562310807413", "OPENVAS:1361412562310807414", "OPENVAS:1361412562310807415", "OPENVAS:1361412562310842823", "OPENVAS:1361412562310851245", "OPENVAS:1361412562310851257", "OPENVAS:1361412562310871669", "OPENVAS:1361412562310871670", "OPENVAS:1361412562310871701", "OPENVAS:1361412562310882575", "OPENVAS:1361412562310882576", "OPENVAS:1361412562311220161049", "OPENVAS:1361412562311220161054", "OPENVAS:703530", "OPENVAS:703552", "OPENVAS:703609"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUJAN2017", "ORACLE:CPUJUL2018", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2045", "ELSA-2016-2046", "ELSA-2016-2599", "ELSA-2017-2247"]}, {"type": "osv", "idList": ["OSV:DLA-435-1", "OSV:DLA-753-1", "OSV:DSA-3552-1", "OSV:GHSA-6QR6-X7JM-X2Q6", "OSV:GHSA-6VX3-HR43-CFRH", "OSV:GHSA-9HJV-9H75-XMPP", "OSV:GHSA-JRCP-C39H-R29X", "OSV:GHSA-MV42-PX54-87JW", "OSV:GHSA-RH8Q-VJGF-GF74"]}, {"type": "prion", "idList": ["PRION:CVE-2015-5174", "PRION:CVE-2015-5345", "PRION:CVE-2015-5346", "PRION:CVE-2015-5351", "PRION:CVE-2016-0706", "PRION:CVE-2016-0714", "PRION:CVE-2016-0763"]}, {"type": "redhat", "idList": ["RHSA-2015:2659", "RHSA-2015:2660", "RHSA-2016:1087", "RHSA-2016:1088", "RHSA-2016:1432", "RHSA-2016:1433", "RHSA-2016:1434", "RHSA-2016:1435", "RHSA-2016:2045", "RHSA-2016:2046", "RHSA-2016:2599", "RHSA-2016:2807", "RHSA-2016:2808"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0865-1", "SUSE-SU-2016:0769-1", "SUSE-SU-2016:0822-1", "SUSE-SU-2016:0839-1"]}, {"type": "symantec", "idList": ["SMNTC-1353"]}, {"type": "tomcat", "idList": ["TOMCAT:1175049C7D69C5CB1659C6031402BD19", 
"TOMCAT:1C57B8A512794370194BE52DB897DDB3", "TOMCAT:3594E2AFE5FA0E4544AECF1CFE736974", "TOMCAT:6F3CF30F050AD71F2AA3CBA974714EC9", "TOMCAT:7879F42FFEDFDC45DED14974C73D4697", "TOMCAT:8791F7CDB0177860DFE60DFA1152CCD9", "TOMCAT:A9CA732DCFA521DE2F3F29229243BBA2", "TOMCAT:F0F8FE52B35B4B90B6C6B9412F88CA1B"]}, {"type": "ubuntu", "idList": ["USN-3024-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5174", "UB:CVE-2015-5345", "UB:CVE-2015-5346", "UB:CVE-2015-5351", "UB:CVE-2016-0706", "UB:CVE-2016-0714", "UB:CVE-2016-0763"]}, {"type": "veracode", "idList": ["VERACODE:11887", "VERACODE:12061", "VERACODE:12242", "VERACODE:3842"]}]}, "score": {"value": 9.0, "vector": "NONE"}, "epss": [{"cve": "CVE-2015-5174", "epss": 0.00178, "percentile": 0.53479, "modified": "2023-05-01"}, {"cve": "CVE-2015-5345", "epss": 0.00301, "percentile": 0.64971, "modified": "2023-05-01"}, {"cve": "CVE-2015-5346", "epss": 0.00942, "percentile": 0.80819, "modified": "2023-05-01"}, {"cve": "CVE-2015-5351", "epss": 0.00329, "percentile": 0.6658, "modified": "2023-05-01"}, {"cve": "CVE-2016-0706", "epss": 0.00272, "percentile": 0.6313, "modified": "2023-05-01"}, {"cve": "CVE-2016-0714", "epss": 0.00726, "percentile": 0.77897, "modified": "2023-05-01"}, {"cve": "CVE-2016-0763", "epss": 0.00183, "percentile": 0.54089, "modified": "2023-05-01"}], "vulnersScore": 9.0}, "_state": {"dependencies": 1701627585, "score": 1701627208, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "c4fbcf6507c740b2ef410ed574d3ac60"}, "affectedSoftware": [{"version": "any", "operator": "eq", "name": "ibm flashsystem 900"}, {"version": "any", "operator": "eq", "name": "ibm flashsystem 900"}]}
{"ibm": [{"lastseen": "2023-02-21T01:48:38", "description": "## Summary\n\nThe Rational Insight is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5174](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110860> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>). 
\nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 17 (Implemented by file 10.2.5000.528)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. 
\nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)](<http://www-01.ibm.com/support/docview.wss?uid=swg21978738>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 16 (Implemented by file 10.2.5010.512)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:14:27", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Tomcat affects Rational Insight (CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:14:27", "id": "F8AD49D8A73BB530C15AF495227B6C3747AE0CF3ACDA4A23CB12ECAB9ECF5B62", "href": "https://www.ibm.com/support/pages/node/284025", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:38", "description": "## Summary\n\nThe Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5174](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110860> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. 
\n \n**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n**RRDI 2.0.5 and 2.0.6** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 17 (Implemented by file 10.2.5000.528)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)](<http://www-01.ibm.com/support/docview.wss?uid=swg21978738>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 16 (Implemented by file 10.2.5010.512)](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>). 
\nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:14:26", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Tomcat affects Rational Reporting for Development Intelligence (CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:14:26", "id": "46FE088816BBFEE72216A2D1696268656632FBC221AF416D29C97A319ABF449D", "href": "https://www.ibm.com/support/pages/node/284023", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:52", "description": "## Summary\n\nJazz Reporting Service is shipped as a component of Rational Insight. 
Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. \n\n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)](<http://www-01.ibm.com/support/docview.wss?uid=swg21978738>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Jazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Jazz Reporting 6.0 \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:10:46", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:10:46", "id": "B6C593CFA8F4C1195B7D65B41828D25967C1BADAD2B07C2F63837A7BFA7E189E", "href": "https://www.ibm.com/support/pages/node/544635", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:15:08", "description": "## Summary\n\nTomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0763_](<https://vulners.com/cve/CVE-2016-0763>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110858>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. 
An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n \nPower HMC V7.3.0.0 \nPower HMC V7.9.0.0 \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0 \nPower HMC V8.3.0.0 \nPower HMC V8.4.0.0\n\n## Remediation/Fixes\n\n \nThe following fixes are available on IBM Fix Central \n \n\n\nProduct| VRMF| APAR| Remediation/Fix \n---|---|---|--- \nPower HMC| V7.7.3.0 SP7| MB04006| [Apply eFix MH01621](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.3.0&platform=All&function=all>) \nPower HMC| V7.7.9.0 SP3| MB04007| [Apply eFix MH01622](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all>) \nPower HMC| V8.8.1.0 SP3| MB04008| [Apply eFix MH01623](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.1.0&platform=All&function=all>) \nPower HMC| V8.8.2.0 SP2| MB04009| [Apply eFix MH01624](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.2.0&platform=All&function=all>) \n
Power HMC| V8.8.3.0 SP2| MB04011| [Apply eFix MH01625](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.3.0&platform=All&function=all>) \nPower HMC| V8.8.4.0 SP1| MB04012| [Apply eFix MH01626](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.4.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in tomcat affect Power Hardware Management Console", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-09-23T01:31:39", "id": "8A58A1DA760D7C9AA9496CCEB8F8DD3ECEA3B210C20F1C397D073382709059F3", "href": "https://www.ibm.com/support/pages/node/666981", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:44", "description": "## Summary\n\nApache Tomcat is 
vulnerable to a number of security issues affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \n \n**CVSS Base Score:** 5.300 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**\\----------------------------** \n \n**CVE-ID:** [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>) \n \n**Description:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \n \n**CVSS Base Score:** 4.300 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n**\\----------------------------** \n \n**CVE-ID:** [CVE-2015-5351](<https://vulners.com/cve/CVE-2015-5351>) \n \n**Description:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. 
By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \n \n**CVSS Base Score:** 8.800 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110859> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**\\----------------------------** \n \n**CVE-ID:** [CVE-2016-0706](<https://vulners.com/cve/CVE-2016-0706>) \n \n**Description:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \n \n**CVSS Base Score:** 5.300 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**\\----------------------------** \n \n**CVE-ID:** [CVE-2016-0714](<https://vulners.com/cve/CVE-2016-0714>) \n \n**Description:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. 
\n \n**CVSS Base Score:** 7.300 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**\\----------------------------** \n \n**CVE-ID:** [CVE-2016-0763](<https://vulners.com/cve/CVE-2016-0763>) \n \n**Description:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \n \n**CVSS Base Score:** 6.500 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110858> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**\\----------------------------** \n \n**CVE-ID:** [CVE-2015-5174](<https://vulners.com/cve/CVE-2015-5174>) \n \n**Description:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \n \n**CVSS Base Score:** 5.300 \n**CVSS Temporal Score:** <https://exchange.xforce.ibmcloud.com/vulnerabilities/110860> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench versions: \n\n * All 8.0.x\n * All 8.5.0.x\n \nVersions 8.5.1 and later are unaffected as they do not use Apache Tomcat. 
\n\n## Remediation/Fixes\n\nThe fixes for the CVEs mentioned above have been incorporated into the 7.0.69 release of Apache Tomcat. You should upgrade your installation by following the instructions below. \n\n\n 1. Download the fix for your product from Fix Central:\n * Rational Test Workbench - [**7.0.69-Rational-RTW-Tomcat-zip**](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Workbench&release=All&platform=All&function=fixId&fixids=7.0.69-Rational-RTW-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n * Rational Test Virtualization Server - [**7.0.69-Rational-RTVS-Tomcat-zip**](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Virtualization+Server&release=All&platform=All&function=fixId&fixids=7.0.69-Rational-RTVS-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n\n 2. Unzip downloaded file to a directory. \n\n 3. Stop the server. \n\n 4. In the existing RTCP installation, save the files logging.properties and server.xml to a separate location. \n \nThe default installation locations for these files are:\n\n * Windows: `C:\\Program Files\\IBM\\RationalTestControlPanel\\conf\\`\n * AIX, Linux, Solaris: `/opt/IBM/RationalTestControlPanel/conf/`\n\n 5. Copy the contents of the unzipped Tomcat directory (except for the LICENSE file) into the `RationalTestControlPanel` directory, overwriting the existing files. \n\n 6. Copy the two configuration files you saved earlier back into `/conf`. 
\n\n 7. Start the server.\n \n**Notes:**\n\n * When updating an installation to a later version of Rational Test Control Panel, the security fix detailed above will have to be re-applied after the RTCP update\n * When removing an installation that has had the security fix applied, not all the files will be removed by IBM Installation Manager, and some files will have to be removed manually.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:12:44", "type": "ibm", "title": "Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by multiple Apache Tomcat vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:12:44", "id": "AE2001E70A6A1D08A7A052F29EBCC43DFABEDE2E451FC6D7A5C896659F9A82F9", "href": "https://www.ibm.com/support/pages/node/276471", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-02-21T05:48:52", "description": "## Summary\n\nJazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence (RRDI). Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. \n\n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)](<http://www-01.ibm.com/support/docview.wss?uid=swg21978738>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 5.0, 5.0.1 and 5.0.2| Jazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:10:48", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", 
"baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:10:48", "id": "CE820FD4621D83AF3E51CFD93CBDEF291F0771A4EE878E6401156E6ED47270AB", "href": "https://www.ibm.com/support/pages/node/544637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:52", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service. Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\nConsult the security bulletin [Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2015-5174, others)](<http://www-01.ibm.com/support/docview.wss?uid=swg21979632>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1 and 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1| Jazz Foundation 6.0, 6.0.1 \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:10:46", "type": "ibm", "title": "Security Bulletin: Multiple security 
vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:10:46", "id": "105120949BC0CCA8DE1379F674E81CE40B9C51F2D99DA4E967FBCAA179E0FFEA", "href": "https://www.ibm.com/support/pages/node/544633", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-04T14:56:06", "description": "## Summary\n\nThe Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rhapsody Design Manager (Rhapsody DM), Rational Software Architect Design Manager (RSA DM), Rational Team Concert (RTC), and Rational Quality Manager (RQM).\n\n## Vulnerability Details\n\nIBM Jazz Team Server applications prior to version 6.0.1 are shipped with an Apache Tomcat web server. Apache Tomcat released new versions which contain security vulnerability fixes. 
\n \nIBM Jazz Team Server may be deployed on either IBM WebSphere Application Server (WAS) or Apache Tomcat. These vulnerabilities apply only to deployments on Apache Tomcat. Deployments using WAS are not vulnerable. \n \n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. 
By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0763_](<https://vulners.com/cve/CVE-2016-0763>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110858>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n \n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 3.0.1 - 6.0.1 \n \nRational Quality Manager 2.0 - 2.0.1 \nRational Quality Manager 3.0 - 3.0.1.6 \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.1 \n \nRational Team Concert 2.0 - 2.0.0.2 \nRational Team Concert 3.0 - 3.0.6 \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.1 \n \nRational Requirements Composer 2.0 - 2.0.0.4 \nRational Requirements Composer 3.0 - 3.0.1.6 \nRational Requirements Composer 4.0 - 4.0.7 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.1 \n \nRational Engineering Lifecycle Manager 1.0 - 1.0.0.1 \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.1 \n \nRational Rhapsody Design Manager 3.0 - 3.0.1 \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.1 \n \nRational Software Architect Design Manager 3.0 - 3.0.1 \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\nIn order to get other security updates, upgrade your products to version **3.0.1.6** or **4.0.7** or **5.0.2** or **6.0.1**, apply the latest ifix, and then perform the following upgrades: \n \n**Note:** The fixes are in Apache Tomcat version 7.0.68 or later. 
Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation. \n\n\n * For the 3.x releases of Rational Software Architect Design Manager and Rhapsody Design Manager, if you cannot upgrade to 4.0.7 or 5.0, contact IBM support for guidance.\n * For the 2.x releases, contact [IBM support](<https://www.ibm.com/support/servicerequest>) for additional details on the fix. \n\n * For the 1.x releases of Rational Engineering Lifecycle Manager, contact [IBM support](<https://www.ibm.com/support/servicerequest>) for additional details on the fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2015-5174, others)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", 
"CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-04-28T18:35:50", "id": "70637707AD35FFD7CA24C460E8B9C97FF5600A40305CB32EDECFB2C1C9A98F05", "href": "https://www.ibm.com/support/pages/node/545859", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:05:10", "description": "## Summary\n\nVulnerabilities in the Apache Tomcat component affect the product's management GUI. The CLI interface is unaffected. The CVEs are CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2015-5174.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0763_](<https://vulners.com/cve/CVE-2016-0763>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110858>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n \n \n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. 
An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running supported releases 7.1 to 7.6.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code level or higher: \n \n7.5.0.8 \n7.6.1.3 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>) \n \nFor unsupported releases from 1.1 to 6.4, IBM recommends upgrading to a fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller and Storwize Family", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2023-03-29T01:48:02", "id": "0F6ED8E3AD312A2820734C8AC75D060FFB6A4BA5AE6F0B7098A31B3452BB6CFC", "href": "https://www.ibm.com/support/pages/node/691379", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:54:11", "description": "## Summary\n\nApache Tomcat which is shipped with WebSphere Application Server Community Edition (WASCE) 3.0.0.4 is vulnerable to a remote attacker\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. 
\nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0763_](<https://vulners.com/cve/CVE-2016-0763>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. 
By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110858>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 3.0.0.4\n\n## Remediation/Fixes\n\nPlease follow the instructions below. \n\n1. Please download the patch file: patches.zip\n\n2. Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure that the files listed in the zip file are **merged** into the ones in the server installation directory.\n\n3. Start the WASCE 3.0.0.4 server with the cache cleaned, for example,\n\n**Windows**\n\n \n<WAS_CE_HOME>\\bin\\startup -c \n**Unix/Linux** \n<WAS_CE_HOME>/bin/startup.sh -c \n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-15T07:05:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat may affect IBM WebSphere Application Server Community Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-15T07:05:39", "id": "92D5F309D36E545930CDE46C5D5E562F5AA2FB4D716A92191A214ED61A68FB2B", "href": "https://www.ibm.com/support/pages/node/279487", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:51", "description": "## Summary\n\nThe Apache Tomcat application server in installations of IBM Rational Directory Server (Tivoli) contains security vulnerabilities (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763.\n\n## Vulnerability Details\n\nOne version of Rational Directory Server (Tivoli) is shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities. \n \nRational Directory Server (Tivoli) is affected by the following vulnerabilities: \n\n**CVEID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. 
\n**CVSS Base Score: **5.3 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for the current score \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-5351](<https://vulners.com/cve/CVE-2015-5351>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. 
\n**CVSS Base Score: **8.8 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110859> for the current score \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-0706](<https://vulners.com/cve/CVE-2016-0706>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \n**CVSS Base Score:** 5.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for the current score \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0714](<https://vulners.com/cve/CVE-2016-0714>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \n**CVSS Base Score: **7.3 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-0763](<https://vulners.com/cve/CVE-2016-0763>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. 
\n**CVSS Base Score:** 6.5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110858> for the current score \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n\n\n## Affected Products and Versions\n\nRational Directory Server (Tivoli) version 5.2.0.2\n\n## Remediation/Fixes\n\nYou can upgrade Apache Tomcat after installing Rational Directory Server. \n\nTo obtain the updated version of the Apache Tomcat, [_contact IBM Support_](<https://www-947.ibm.com/support/servicerequest/Home.action?category=2>).\n\n \n \nThe following table presents Rational Directory Server versions and the released versions of Apache Tomcat. \n\nRational Directory Server| Apache Tomcat \n---|--- \nRDS 5.2.0.2| 6.0.45 \n \n \nSupport can help identify the latest Apache Tomcat that is compatible with your operating system and platform. Publicly available versions of the Apache Tomcat are not supported with Rational Directory Server. \n \nAfter you obtain the Apache Tomcat update from Support, do these steps: \n \n**Procedure:**\n\n 1. Go to the Rational Directory Server installation directory. \nFor example: C:\\Program Files\\IBM\\Rational\\RDS_5.2.0.2\n 2. Locate Start_RDAWebServer.bat and change the path to the new Tomcat version. \nFor Windows example: \u201cC:\\Program Files\\IBM\\Rational\\RDS_5.2.0.2\\webAccessServer\\apache-tomcat-6.0.45\\bin\u201d \nFor Linux example: \u201c/var/IBM/Rational/RDS_5.2.0.2/WebAccessServer/apache-tomcat-6.0.45\u201d\n 3. Copy ./<old_tomcat>/webapps/*.war to ./<new_tomcat>/webapps.\n 4. 
Copy the following files from <old_tomcat>/bin to <new_tomcat>/bin\n * GroupSchema.xsd \n * tdsbuild.property \n * TDSConfiguration.xml \n * TDSResource_en_US.xml \n * UserSchema.xsd\n 5. Copy the JRE path in <new_tomcat>/bin/catalina.bat from <old_tomcat>/bin/catalina.bat \nFor Linux update the JRE path in <new_tomcat>/bin/catalina.sh from <old_tomcat>/bin/catalina.sh\n 6. For Linux only: Go to the <new_tomcat>/bin and execute the command chmod +x *.sh in terminal.\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T05:11:52", "type": "ibm", "title": "Security bulletin: Rational Directory Server (Tivoli) is affected by Apache Tomcat vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-17T05:11:52", "id": "79F48BEE0E5A2E069BD89DB00CEE2085DF9E0E6BE97901C5D6431550085B5EE6", "href": "https://www.ibm.com/support/pages/node/547101", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:41", 
"description": "## Summary\n\nApache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. Apache Tomcat is used by IBM Algo Audit and Compliance. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-5351](<https://vulners.com/cve/CVE-2015-5351>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. 
By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110859> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-0706](<https://vulners.com/cve/CVE-2016-0706>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0714](<https://vulners.com/cve/CVE-2016-0714>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-0763](<https://vulners.com/cve/CVE-2016-0763>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110858> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Algo Audit and Compliance versions 2.1.0\n\n## Remediation/Fixes\n\nDownload and install IBM Algo Audit and Compliance version 2.1.0.3 Interim Fix 2 from Fix Central, details available at <http://www-01.ibm.com/support/docview.wss?uid=swg24042349>\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-15T22:45:14", "type": "ibm", "title": "Security Bulletin: Multiple OpenSource Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-15T22:45:14", "id": "858C7CB29A95643000EADA0C1DB3FB5D46EEA8B81788EBA2B778EE7CBE075776", "href": "https://www.ibm.com/support/pages/node/547405", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:43", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory that affects IBM Algorithmics Algo Risk Application \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. 
By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-0706](<https://vulners.com/cve/CVE-2016-0706>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0714](<https://vulners.com/cve/CVE-2016-0714>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-0763](<https://vulners.com/cve/CVE-2016-0763>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the ResourceLinkFactory.setGlobalContext() method. 
By injecting malicious content, an attacker could exploit this vulnerability to read and write arbitrary data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110858> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Algorithmics Algo Risk Application versions 4.9.1 and 4.9.0 \n\n## Remediation/Fixes\n\nProduct Name| Patch Number| Download URL \n---|---|--- \nAlgo One ARA | 491-040| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-AlgoOneARA-if0020:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-AlgoOneARA-if0020:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One ARA | 491-041| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-Algo-OneARA-if0015:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-Algo-OneARA-if0015:0&includeSupersedes=0&source=fc&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T22:44:23", "type": "ibm", "title": "Security Bulletin: Vulnerability OpenSource Apache Tomcat \naffects IBM Algorithmics Algo Risk Application - CVE-2015-5345 CVE-2015-5346 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-06-15T22:44:23", "id": "A68DFAAF23CD5A74809081B6CA6975B0FEDB431E36E31131D0ABF0CA07FC9DFE", "href": "https://www.ibm.com/support/pages/node/279445", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:22", "description": "## Summary\n\nThere are multiple vulnerabilities (CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714) reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron has remediated the affected versions.\n\n## Vulnerability Details\n\nCVEID: [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>) \nDESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \nCVEID: [CVE-2016-0706](<https://vulners.com/cve/CVE-2016-0706>) \nDESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \nCVEID: [CVE-2016-0714](<https://vulners.com/cve/CVE-2016-0714>) \nDESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [**_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of the product \nWebSphere Cast Iron v 7.5.x, \nWebSphere Cast Iron v 7.0.0.x, \nWebSphere Cast Iron v 6.4.0.x \nWebSphere Cast Iron v 6.3.0.x \nWebSphere Cast Iron v 6.1.0.x \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.*| LI78991 | [iFix7.5.1.0-CUMUIFIX-001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20160422-1039_H9_64-CUMUIFIX-001.scrypt2,7.5.1.0-WS-WCI-20160422-1039_H9_64-CUMUIFIX-001.vcrypt2,7.5.1.0-WS-WCI-20160422-1039_H9_64-CUMUIFIX-001.docker&includeSupersedes=0>) \nCast Iron Appliance| 7.0.*| LI78991 | [iFix7.0.0.2-CUMUIFIX-028](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20160510-0225_H9_64-CUMUIFIX-028.scrypt2,7.0.0.2-WS-WCI-20160510-0225_H9_64-CUMUIFIX-028.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.x| LI78991 | [iFix6.4.0.1-CUMUIFIX-038](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20160405-0954_H5-CUMUIFIX-038.scrypt2,6.4.0.1-WS-WCI-20160405-0954_H5-CUMUIFIX-038.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.x| LI78991 | 
[iFix6.3.0.2-CUMUIFIX-021](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20160405-1122_H4-CUMUIFIX-021.scrypt2,6.3.0.2-WS-WCI-20160405-1122_H4-CUMUIFIX-021.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.1.0.x| LI78991 | [iFix6.1.0.15-CUMUIFIX-028](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.1.0.15&platform=All&function=fixId&fixids=6.1.0.15-WS-WCI-20160405-0937_H4-CUMUIFIX-028.scrypt2,6.1.0.15-WS-WCI-20160405-0937_H4-CUMUIFIX-028.vcrypt2&includeSupersedes=0>) \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2015-5345, CVE-2016-0706, CVE-2016-0714)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2019-11-18T13:57:34", 
"id": "3E0B580256B0433652E3021D4DBF6524952CC4EF609514C4BA279042857CC111", "href": "https://www.ibm.com/support/pages/node/279221", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:50:33", "description": "## Summary\n\nThere are multiple vulnerabilities in Apache Tomcat that is used by IBM Security SiteProtector System.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>) \n** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \n \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. 
\n \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>) \n** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \n \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>) \n** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. 
\n \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Security SiteProtector System 3.0 and 3.1.1\n\n## Remediation/Fixes\n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: \n \n**For SiteProtector 3.0:** \n \n\n\nSiteProtector Core Component\n\n| \n\nServicePack3_0_0_12.xpu \n \n---|--- \n \n \n**For SiteProtector 3.1.1:** \n \n\n\nSiteProtector Core Component\n\n| \n\nServicePack3_1_1_7.xpu \n \n---|--- \n \nAlternatively, the packages can be manually obtained from the IBM Security License Key and Download Center using the following URL: \n<https://ibmss.flexnetoperations.com/service/ibms/login>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:42:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in ApacheTomcat affect IBM Security SiteProtector System (CVE-2015-5174, CVE-2015-5345, CVE-2016-0706 and CVE-2016-0714)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, 
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2018-06-16T21:42:20", "id": "C4CCB581E9554A8FC81404481350AD55F2B3AFAFAEDE521E7CBB6249AE97DBA8", "href": "https://www.ibm.com/support/pages/node/279171", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:50:31", "description": "## Summary\n\nOpen Source Apache Tomcat is susceptible to multiple vulnerabilities. \n\n## Vulnerability Details\n\n**CVE-ID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n** \nDescription:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \n** \nCVSS Base Score:** 5.3** \nCVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score** \nCVSS Environmental Score:** *Undefined** \nCVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N \n \n** \nCVE-ID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>) \n** \nDescription:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. 
\n** \nCVSS Base Score:** 5.3** \nCVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for the current score** \nCVSS Environmental Score:** *Undefined** \nCVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N \n \n** \nCVE-ID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>) \n** \nDescription:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \n** \nCVSS Base Score:** 7.3** \nCVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for the current score** \nCVSS Environmental Score:** *Undefined** \nCVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L \n** \nCVE-ID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>) \n** \nDescription:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. 
\n** \nCVSS Base Score:** 5.3** \nCVSS Temporal Score:** See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score** \nCVSS Environmental Score:** *Undefined** \nCVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n\n## Affected Products and Versions\n\n\u00b7 IBM QRadar patch 7.1._n_\n\n\u00b7 IBM QRadar patch 7.2._n_\n\n## Remediation/Fixes\n\n[\u00b7 _IBM QRadar SIEM 7.1 MR2 Patch 12 Interim Fix 4_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-1104518INT&includeRequisites=0&includeSupersedes=0&downloadMethod=http&source=fc>)\n\n\u00b7 [_IBM QRadar SIEM 7.2.6 Patch 5_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.6-QRADAR-QRSIEM-20160506171537&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:42:42", "type": "ibm", "title": "Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is susceptible to multiple vulnerabilities. 
(CVE-2015-5345, CVE-2016-0706, CVE-2016-0714, CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2018-06-16T21:42:42", "id": "251C2E34C8D2D4B522AEE3B0D39CBA66F987EC06CBC6FA34ECDC2C96D56F88B7", "href": "https://www.ibm.com/support/pages/node/280271", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:56:08", "description": "## Summary\n\nMultiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. 
By persuading a victim to visit a specially-crafted link and log in to the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5351_](<https://vulners.com/cve/CVE-2015-5351>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the index page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2, 6.2.0.1, 6.2.0.2, and 6.2.1 on all supported platforms. \n \nIBM UrbanCode Deploy with Patterns 6.1.0 to 6.1.1.5\n\n## Remediation/Fixes\n\nApply the following fixes as soon as practical. Review the information below regarding the available fixes. 
\n\n**Affected Product**| **Version**| **Remediation/First Fix** \n---|---|--- \nIBM UrbanCode Deploy| 6.0.X| Upgrade to [6.0.1.13](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.0.1.0&platform=All&function=all>) or later \nIBM UrbanCode Deploy| 6.1.X| Upgrade to [6.1.3.3](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3&platform=All&function=all>) or later \nIBM UrbanCode Deploy| 6.2.X| Upgrade to [6.2.1.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.2.1.1&platform=All&function=all>) or later \nIBM UrbanCode Deploy with Patterns| 6.1.X| Upgrade to the blueprint designer included with UrbanCode Deploy [6.1.3.3](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3&platform=All&function=all>) or later \n \n## Workarounds and Mitigations\n\n**IBM UrbanCode Deploy** \nYou can manually upgrade Apache Tomcat to 6.0.45 on your IBM UrbanCode Deploy servers by replacing the existing JAR files in _server_installation_dir_/opt/tomcat/lib with all of the JAR files in the _Tomcat_Archive_/apache-tomcat-6.0.45/lib directory. \nAdditionally, the bootstrap.jar, commons-daemon.jar, and tomcat-juli.jar files in _Tomcat_Archive_/apache-tomcat-6.0.45/bin must be replaced with the corresponding JAR files in _server_installation_dir_/opt/tomcat/bin. \nDownloads for Tomcat 6.0.45 can be found [_here_](<https://tomcat.apache.org/download-60.cgi>). 
\n \n \n**IBM UrbanCode Deploy Blueprint Designer** \nTo manually upgrade Apache Tomcat to 7.0.68 on your IBM UrbanCode Deploy blueprint design servers, replace the existing JAR files in the _server_installation_directory_/opt/tomcat/lib folder with all of the JAR files in the _Tomcat_Archive_/apache-tomcat-7.0.68/lib folder. \nAdditionally, replace the bootstrap.jar, commons-daemon.jar, and tomcat-juli.jar files in the _server_installation_directory_/opt/tomcat/bin folder with the files in the _Tomcat_Archive_/apache-tomcat-7.0.68/bin folder. \nDownloads for Tomcat 7.0.68 can be found [_here_](<https://tomcat.apache.org/download-70.cgi>). \n \n**IBM UrbanCode Deploy with Patterns** \n \n**_Versions 6.1.1.2 \u2013 6.1.1.5_** \nTo manually upgrade Apache Tomcat to 7.0.68 on your IBM UrbanCode Deploy with Patterns servers, replace the existing JAR files in the _server_installation_directory_/opt/tomcat/lib folder with all of the JAR files in the _Tomcat_Archive_/apache-tomcat-7.0.68/lib folder. \nAdditionally, replace the bootstrap.jar, commons-daemon.jar, and tomcat-juli.jar files in the _server_installation_directory_/opt/tomcat/bin folder with the files in the _Tomcat_Archive_/apache-tomcat-7.0.68/bin folder. \nDownloads for Tomcat 7.0.68 can be found [_here_](<https://tomcat.apache.org/download-70.cgi>). 
\n \n**_Versions Before 6.1.1.2_** \nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351"], "modified": "2018-06-17T22:33:01", "id": "31CA1967B4ACE475D690E3AA47AC787E52202679AD6B8EBD9D86B9FE71F5E2D3", "href": "https://www.ibm.com/support/pages/node/619309", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:53", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to obtain sensitive information or bypass security restrictions and is supplied with specific versions of Rational Lifecycle Integration Adapter for HP ALM. 
\n\n## Vulnerability Details\n\n**CVE Information:** \n \n**CVE-ID: **[**CVE-2015-5345**](<https://vulners.com/cve/CVE-2015-5345>) \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.300 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVE-ID: **[**CVE-2016-0706**](<https://vulners.com/cve/CVE-2016-0706>) \n**Description: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.300 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVE-ID: **[**CVE-2016-0714**](<https://vulners.com/cve/CVE-2016-0714>) \n**Description: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. 
\nCVSS Base Score: 7.300 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Rational Lifecycle Integration Adapter for HP ALM 1.1.2 and 1.1.2.1\n\n## Remediation/Fixes\n\nThe IBM Rational Lifecycle Integration Adapter can be updated with a corrected Tomcat by following the instructions below. This is only applicable to products deployed on Apache Tomcat. Be sure to upgrade all the components that your deployment uses. \n \n**Note: **Rational Lifecycle Integration Adapter 1.1.x product modifications may contain an updated Tomcat; however, 1.1.x iFixes typically do not update Tomcat. \n \n**NOTE: Apache Tomcat is only included by IBM Rational Lifecycle Integration Adapter versions 1.1.2 and 1.1.2.1. Previous versions of the RLIA SE HP Adapter were released as WAR files only.** \n \nTo obtain the latest Apache Tomcat, please visit the [Apache Tomcat website](<https://tomcat.apache.org/download-60.cgi>) and download version 6.0.45 or higher (in the 6.0 stream). Once the Tomcat is obtained, follow the instructions below to replace the existing Tomcat: \n \n**Upgrading Tomcat installation**\n\n1\\. Stop the Rational Lifecycle Integration Adapter server. \n \n**Note**: The applications may be running in different application server instances or using a delegated converter. \n\n2\\. Navigate to the original install directory and rename the Tomcat folder \n \n<InstallDir>/server/tomcat \n \nto \n \n<InstallDir>/server/tomcat-Original \n \nThis will ensure that the original Tomcat is kept as a backup in the event a restore is required. \n \nExample (Linux): \nmv <InstallDir>/server/tomcat <InstallDir>/server/tomcat-Original \n\n3\\. Unzip the new Tomcat file provided by support to the Installation directory. 
\n \nExample (Linux): unzip <newInsallZip> -d <InstallDir>/server/tomcat/\n\n4\\. Delete the following directories from the exploded archive: \n \n<InstallDir>/server/tomcat/webapps/docs \n<InstallDir>/server/tomcat/webapps/examples \n<InstallDir>/server/tomcat/webapps/host-manager \n<InstallDir>/server/tomcat/webapps/manager\n\n5\\. Copy the Apache Tomcat SSL Keystore from the backup: \n \n<InstallDir>/server/tomcat-Original/ibm-team-ssl.keystore \n \nto \n \n<InstallDir>/server/tomcat/ibm-team-ssl.keystore\n\n6\\. Copy the Apache Tomcat Server configuration from the backup: \n \n<InstallDir>/server/tomcat-Original/conf/server.xml \n \nto \n \n<InstallDir>/server/tomcat/conf/server.xml\n\n7\\. Copy the HP Adapter WAR file from the backup: \n \n<InstallDir>/server/tomcat-Original/webapps/hpqm.war \n \nto \n \n<InstallDir>/server/tomcat/webapps/hpqm.war\n\n8\\. Restart the Rational Lifecycle Integration Adapter server\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:10:25", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-5345, CVE-2016-0706, CVE-2016-0714)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": 
"AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2018-06-17T05:10:25", "id": "2E59BE13E238E4D97B33892C0BB456D62A5C6913F756D4D34620554D57DB715F", "href": "https://www.ibm.com/support/pages/node/543217", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:24", "description": "## Summary\n\nIBM WebSphere Application Server Community Edition is bundled as an optional component of WebSphere Dashboard Framework. Information about security vulnerabilities affecting this component have been published.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-0706](<https://vulners.com/cve/CVE-2016-0706>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0714](<https://vulners.com/cve/CVE-2016-0714>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110856> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nWebSphere Dashboard Framework 7.0.1\n\n## Remediation/Fixes\n\nNo fixes are available for the version of IBM WebSphere Application Server Community Edition bundled with Web Experience Factory. IBM strongly advises that customers apply one of the workarounds described below.\n\n## Workarounds and Mitigations\n\nIBM WebSphere Application Server Community Edition (WASCE) is an optional component of WebSphere Dashboard Framework. When installed, WASCE is only used as a development and test server. 
To mitigate the vulnerabilities in WASCE, IBM recommends using WebSphere Application Server or WebSphere Portal in place of WASCE.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T20:01:10", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with WebSphere Dashboard Framework 7.0.1 (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2018-06-16T20:01:10", "id": "4CBBE668D09F499CE01B6D51C7657C257DE80683B0A9566FEF039F3B8AD66AAB", "href": "https://www.ibm.com/support/pages/node/279887", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:49", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. 
By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory affecting IBM Algo One - Core.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Algo One Core 4.9.0 and Algo One Core 5.0.0.\n\n## Remediation/Fixes\n\nProduct\n\n| Patch Number| Download URL \n---|---|--- \nAlgo One Core| 490-211| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.0.0-Algo-One-if0211:0&includeSupersedes=0&source=fc&login=true_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.0.0-Algo-One-if0211:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One Core| 500-186| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-if0186:0&includeSupersedes=0&source=fc&login=true_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-if0186:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T22:44:27", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSource Apache 
Tomcat affecting IBM Algo One - Core (CVE-2015-5345 and CVE-2015-5346)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346"], "modified": "2018-06-15T22:44:27", "id": "91FD6D04ED1E07D418A657F1210391A3C11E4D7E7EF42869A4D979B60B621098", "href": "https://www.ibm.com/support/pages/node/280481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:43", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. OpenSource Apache Tomcat is used by IBM Algorithmics Counterparty Credit Risk \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110857> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAlgo One Versions 5.0.0 through 5.1.0\n\n## Remediation/Fixes\n\nPatch Number\n\n| Download URL \n---|--- \nAlgo One Core 510-071| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.1-Algo-OneIMCR-RHEL-gf0001:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.1-Algo-OneIMCR-RHEL-gf0001:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One Core 500-311| 
[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-Algo-OneCCR-gf0005:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-Algo-OneCCR-gf0005:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T22:45:14", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Tomcat Vulnerability\naffects IBM Algorithmics Counterparty Credit Risk", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346"], "modified": "2018-06-15T22:45:14", "id": "935BBE24737E52E53E9E3276AF57AD4035B2612D5C231971408DE1225A3AD2B0", "href": "https://www.ibm.com/support/pages/node/547413", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:38:43", "description": "## Summary\n\nSeveral vulnerabilities have been 
addressed for: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016; OpenSource OpenSSL; and Opensource Apache Tomcat Vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3427_](<https://vulners.com/cve/CVE-2016-3427>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112459_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112459>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n**CVEID:** [_CVE-2016-0705_](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111140_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111140>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-0799_](<https://vulners.com/cve/CVE-2016-0799>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory error in the BIO_*printf() functions. An attacker could exploit this vulnerability using specially crafted data to trigger an out-of-bounds read. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111143_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111143>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0702_](<https://vulners.com/cve/CVE-2016-0702>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys. \nCVSS Base Score: 2.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111144_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111144>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2842_](<https://vulners.com/cve/CVE-2016-2842>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to verify that a certain memory allocation succeeds by the doapr_outch function. A remote attacker could exploit this vulnerability using a specially crafted string to cause an out-of-bounds write or consume an overly large amount of resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111304_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111304>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2107_](<https://vulners.com/cve/CVE-2016-2107>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error when the connection uses an AES CBC cipher and the server supports AES-NI. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt traffic. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2176_](<https://vulners.com/cve/CVE-2016-2176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information. By sending an overly long ASN.1 string to the X509_NAME_oneline() function, an attacker could exploit this vulnerability to return arbitrary stack data in the buffer. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112858_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112858>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-3197_](<https://vulners.com/cve/CVE-2015-3197>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks. 
\nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110235_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110235>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0706_](<https://vulners.com/cve/CVE-2016-0706>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-0714_](<https://vulners.com/cve/CVE-2016-0714>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. 
By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110856_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n * * IBM Cognos TM1 10.1\n * IBM Cognos TM1 10.2\n * IBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\n \nThe recommended solution is to apply the fix for versions listed as soon as practical. 
\n \nCognos TM1 10.1.1.2 Interim Fix 7 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24042432_](<http://www.ibm.com/support/docview.wss?uid=swg24042432>) \n \nCognos TM1 10.2.0.2 Interim Fix 7 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24042431_](<http://www.ibm.com/support/docview.wss?uid=swg24042431>) \n \nCognos TM1 10.2.2 Fix Pack 6 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24042414_](<http://www.ibm.com/support/docview.wss?uid=swg24042414>) \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3197", "CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0799", "CVE-2016-2107", "CVE-2016-2176", 
"CVE-2016-2842", "CVE-2016-3427"], "modified": "2020-02-24T07:27:10", "id": "0AEC3ABCCFB562437ED4141670F5C7C6E096FEFB11D3045A28046C82B784AD9E", "href": "https://www.ibm.com/support/pages/node/284991", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:38:48", "description": "## Summary\n\nWebSphere Message Broker and IBM Integration Bus are affected by Open Source Apache Tomcat vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5346_](<https://vulners.com/cve/CVE-2015-5346>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM Integration Bus V10.0 & V9.0 \n\nWebSphere Message Broker V8.0 \n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Bus| V10 \n| IT14053 | An interim fix is available from IBM Fix Central for all platforms. 
\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14053](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14053>) \n \nThe APAR is targeted to be available in fix pack 10.0.0.6 \nIBM Integration Bus| V9 \n| IT14053 | An interim fix is available from IBM Fix Central for all platforms. \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14053](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT14053>) \n \nThe APAR is targeted to be available in fix pack 9.0.0.6 \nWebSphere Message Broker \n| V8 \n| IT14053 | An interim fix is available from IBM Fix Central for all platforms. \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibms~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT14053](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibms~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT14053>) \n \nThe APAR is targeted to be available in fix pack 8.0.0.8. 
\n \n_For unsupported versions of the product, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\nThe planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at : \n\n \n[http://www.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ](<http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006308>)\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability (CVE-2015-5346 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5346"], "modified": "2020-03-23T20:41:52", "id": "AD181883987A105E6A1E2ADDC4FD3E2991D4F349D55691E0738355588F063760", "href": "https://www.ibm.com/support/pages/node/277597", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:40:00", "description": "## Summary\n\nThere is a vulnerability CVE-2015-5174 reported in Apache Tomcat v6 that is used by WebSphere Cast 
Iron Solution. WebSphere Cast Iron has remediated the affected versions.\n\n## Vulnerability Details\n\nCVEID: [CVE-2015-5174](<https://vulners.com/cve/CVE-2015-5174>)** \n**DESCRIPTION: Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of the product \nWebSphere Cast Iron v 7.5,x, \nWebSphere Cast Iron v 7.0,0,x, \nWebSphere Cast Iron v 6.4.0.x \nWebSphere Cast Iron v 6.3.0.x \nWebSphere Cast Iron v 6.1.0.x \n\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.*| LI78991 | [iFix7.5.1.0-CUMUIFIX-001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20160422-1039_H9_64-CUMUIFIX-001.scrypt2,7.5.1.0-WS-WCI-20160422-1039_H9_64-CUMUIFIX-001.vcrypt2,7.5.1.0-WS-WCI-20160422-1039_H9_64-CUMUIFIX-001.docker&includeSupersedes=0>) \nCast Iron Appliance| 7..0*| LI78991 | 
[iFix7.0..0.2-CUMUIFIX-028](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20160510-0225_H9_64-CUMUIFIX-028.scrypt2,7.0.0.2-WS-WCI-20160510-0225_H9_64-CUMUIFIX-028.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.x| LI78991 | [iFix6.4.0.1-CUMUIFIX-038](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20160405-0954_H5-CUMUIFIX-038.scrypt2,6.4.0.1-WS-WCI-20160405-0954_H5-CUMUIFIX-038.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.x| LI78991 | [iFix6.3.0.2-CUMUIFIX-021](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20160405-1122_H4-CUMUIFIX-021.scrypt2,6.3.0.2-WS-WCI-20160405-1122_H4-CUMUIFIX-021.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.1.0.x| LI78991 | [iFix6.1.0.15-CUMUIFIX-028](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.1.0.15&platform=All&function=fixId&fixids=6.1.0.15-WS-WCI-20160405-0937_H4-CUMUIFIX-028.scrypt2,6.1.0.15-WS-WCI-20160405-0937_H4-CUMUIFIX-028.vcrypt2&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNA\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, 
"published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerability CVE-2015-5174", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174"], "modified": "2019-11-18T13:57:34", "id": "ACDFEAA7AF640374CE7D6BF67721314A280E868DB9395ED18AF53CF9F81EAE8C", "href": "https://www.ibm.com/support/pages/node/549289", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:54:41", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. Effects Algo Risk Application \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5174](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110860> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nVersions 4.9.0 to 4.9.1\n\n## Remediation/Fixes\n\nAlgo One ARA 491-040\n\n| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-AlgoOneARA-if0020:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-AlgoOneARA-if0020:0&includeSupersedes=0&source=fc&login=true>) \n---|--- \nAlgo One ARA 491-041| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-Algo-OneARA-if0015:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-Algo-OneARA-if0015:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-15T22:45:25", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSource Apache Tomcat\n affects IBM Algorithmics Algo Risk Application 
(CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174"], "modified": "2018-06-15T22:45:25", "id": "E718C72F3753D3991081A7D39539F43A8C97C8A42E3C0228988F94034FC70A1C", "href": "https://www.ibm.com/support/pages/node/548109", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:54:13", "description": "## Summary\n\nApache Tomcat which is shipped with WebSphere Application Server Community Edition (WASCE) 3.0.0.4 is vulnerable to a remote attacker to traverse directories on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 3.0.0.4\n\n## Remediation/Fixes\n\nPlease follow the instruction below. 
\n\n1. Please download the patch file: CVE-2015-5174_patch.zip\n\n2. Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file are **merged** into the ones in the server installation directory.\n\n3. Start the WASCE 3.0.0.4 server with the cache cleaned, for example:\n\n**Windows**\n\n \n<WAS_CE_HOME>\\bin\\startup -c \n**Unix/Linux** \n<WAS_CE_HOME>/bin/startup.sh -c \n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-15T07:05:38", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat may affect IBM WebSphere Application Server Community Edition (CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174"], "modified": "2018-06-15T07:05:38", "id": "88CA1A3D2F08416DE8999442085C1CD03030FFCDC9FB134CD449DEB7C5DB7536", "href": "https://www.ibm.com/support/pages/node/279023", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:41", "description": "## Summary\n\nApache Tomcat could allow a remote attacker to traverse directories on the system. 
Apache Tomcat is used by IBM Algo Audit and Compliance.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Algo Audit and Compliance versions 2.1.0\n\n## Remediation/Fixes\n\nDownload and install IBM Algo Audit and Compliance version 2.1.0.3 Interim Fix 2 from Fix Central, details available at <http://www-01.ibm.com/support/docview.wss?uid=swg24042349>\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-15T22:44:38", "type": "ibm", "title": "Security Bulletin: Apache Tomcat vulnerability in IBM Algo Audit and Compliance (CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 
4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174"], "modified": "2018-06-15T22:44:38", "id": "DD576034FC94E29158076BADB8AE6D09C8EFA857F3B53F052CBBFE9FFCF9F266", "href": "https://www.ibm.com/support/pages/node/281503", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:48:44", "description": "## Summary\n\nThe Apache Tomcat application server in installations of IBM Rational Directory Server (Tivoli) contains a security vulnerability (CVE-2015-5174).\n\n## Vulnerability Details\n\nA version of Rational Directory Server (Tivoli) is shipped with an Apache Tomcat application server that contains a security vulnerability. Apache Tomcat has been updated to incorporate a fix for this vulnerability. \n \nRational Directory Server (Tivoli) is affected by the following vulnerability: \n\n**CVEID:** [_CVE-2015-5174_](<https://vulners.com/cve/CVE-2015-5174>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \n**CVSS Base Score: **5.3 \n**CVSS Temporal Score: **See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Directory Server (Tivoli) version 5.2.0.2\n\n## Remediation/Fixes\n\nYou can upgrade Apache Tomcat in an existing installation of Rational Directory Server. An upgrade of Rational Directory Server is not required for this fix. 
\n\nTo obtain the updated version of Apache Tomcat, [_contact IBM Support_](<https://www-947.ibm.com/support/servicerequest/Home.action?category=2>).\n\n \n \nThe following table presents Rational Directory Server versions and the released versions of Apache Tomcat. \n\nAffected version of Rational Directory Server| Recommended upgrade of Apache Tomcat \n---|--- \nRDS 5.2.0.2| 6.0.45 \n \n \nSupport can help identify the latest Apache Tomcat that is compatible with your operating system and platform. Publicly available versions of Apache Tomcat are not supported with Rational Directory Server. \n \nAfter you obtain the Apache Tomcat update from Support, do these steps: \n**Procedure:**\n\n 1. Go to the Rational Directory Server installation directory. \nFor example: C:\\Program Files\\IBM\\Rational\\RDS_5.2.0.2\n 2. Locate Start_RDAWebServer.bat and change the path to the new Tomcat version. \nWindows example: \u201cC:\\Program Files\\IBM\\Rational\\RDS_5.2.0.2\\webAccessServer\\apache-tomcat-6.0.45\\bin\u201d \nLinux example: \u201c/var/IBM/Rational?RDS_5.2.0.2/WebAccessServer/apache-tomcat-6.0.45\u201d\n 3. Copy ./<old_tomcat>/webapps/*.war to ./<new_tomcat>/webapps.\n 4. Copy the following files from <old_tomcat>/bin to <new_tomcat>/bin:\n * GroupSchema.xsd \n * tdsbuild.property \n * TDSConfiguration.xml \n * TDSResource_en_US.xml \n * UserSchema.xsd\n 5. Copy the JRE path from <old_tomcat>/bin/catalina.bat to <new_tomcat>/bin/catalina.bat. 
\nFor Linux, update the JRE path in <new_tomcat>/bin/catalina.sh from <old_tomcat>/bin/catalina.sh.\n 6. For Linux only: go to <new_tomcat>/bin and execute the command chmod +x *.sh in a terminal.\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-17T05:12:45", "type": "ibm", "title": "Security bulletin: Rational Directory Server (Tivoli) is affected by an Apache Tomcat vulnerability (CVE-2015-5174)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174"], "modified": "2018-06-17T05:12:45", "id": "2A357BC736E420699B8E644429FE72F50245305B75D003CF1E53D2C5C88D84C7", "href": "https://www.ibm.com/support/pages/node/276765", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:29", "description": "## Summary\n\nA vulnerability has been addressed in the Apache Tomcat component of IBM Cognos Metrics Manager.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5345_](<https://vulners.com/cve/CVE-2015-5345>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when 
accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n * * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n * IBM Cognos Metrics Manager 10.1.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. \n\n\n \n[IBM Cognos Business Intelligence 10.1.1 Interim Fixes](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>) \n[IBM Cognos Business Intelligence 10.2.x Interim Fixes](<http://www-01.ibm.com/support/docview.wss?uid=swg24042360>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-15T23:16:00", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Tomcat affects IBM Cognos Metrics Manager (CVE-2015-5345)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5345"], "modified": "2018-06-15T23:16:00", "id": "ED3133A0CA81E96794720CCDE610BF73EE2EECB2B0FFB9A5C514F344E863D936", "href": "https://www.ibm.com/support/pages/node/278573", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:07:45", "description": "This update for tomcat fixes the following security issues.\n\n Tomcat has been updated from 7.0.55 to 7.0.68.\n\n * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in\n Apache Tomcat allowed remote authenticated users to bypass intended\n SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a\n getResource, getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967)\n * CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when\n different session settings are used for deployments of multiple versions\n of the same web application, might have allowed remote attackers to\n hijack web sessions by leveraging use of a requestedSessionSSL field\n for an unintended request, related to CoyoteAdapter.java and\n Request.java. (bsc#967814)\n * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects\n before considering security constraints and Filters, which allowed\n remote attackers to determine the existence of a directory via a URL\n that lacks a trailing / (slash) character. 
(bsc#967965)\n * CVE-2015-5351: The (1) Manager and (2) Host Manager applications in\n Apache Tomcat established sessions and send CSRF tokens for arbitrary\n new requests, which allowed remote attackers to bypass a CSRF protection\n mechanism by using a token. (bsc#967812)\n * CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties list, which\n allowed remote authenticated users to bypass intended SecurityManager\n restrictions and read arbitrary HTTP requests, and consequently\n discover session ID values, via a crafted web application. (bsc#967815)\n * CVE-2016-0714: The session-persistence implementation in Apache Tomcat\n mishandled session attributes, which allowed remote authenticated users\n to bypass intended SecurityManager restrictions and execute arbitrary\n code in a privileged context via a web application that places a crafted\n object in a session. (bsc#967964)\n * CVE-2016-0763: The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did\n not consider whether ResourceLinkFactory.setGlobalContext callers are\n authorized, which allowed remote authenticated users to bypass intended\n SecurityManager restrictions and read or write to arbitrary application\n data, or cause a denial of service (application disruption), via a web\n application that sets a crafted global context. 
(bsc#967966)\n\n See <a rel=\"nofollow\" href=\"https://tomcat.apache.org/tomcat-7.0-doc/changelog.html\">https://tomcat.apache.org/tomcat-7.0-doc/changelog.html</a> for other\n fixes since 7.0.55\n\n", "cvss3": {}, "published": "2016-03-18T19:13:35", "type": "suse", "title": "Security update for tomcat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2016-03-18T19:13:35", "id": "SUSE-SU-2016:0822-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:39:29", "description": "This update for tomcat fixes the following issues:\n\n Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security\n issues.\n\n Fixed security issues:\n\n * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in\n Apache Tomcat allowed remote authenticated users to bypass intended\n SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a\n getResource, getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967)\n * CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when\n different session settings are used for deployments of multiple versions\n of the same web application, might have allowed remote attackers to\n hijack web sessions by leveraging use of a requestedSessionSSL field\n for an unintended request, related to CoyoteAdapter.java and\n Request.java. 
(bsc#967814)\n * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects\n before considering security constraints and Filters, which allowed\n remote attackers to determine the existence of a directory via a URL\n that lacks a trailing / (slash) character. (bsc#967965)\n * CVE-2015-5351: The (1) Manager and (2) Host Manager applications in\n Apache Tomcat established sessions and send CSRF tokens for arbitrary\n new requests, which allowed remote attackers to bypass a CSRF protection\n mechanism by using a token. (bsc#967812)\n * CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties list, which\n allowed remote authenticated users to bypass intended SecurityManager\n restrictions and read arbitrary HTTP requests, and consequently\n discover session ID values, via a crafted web application. (bsc#967815)\n * CVE-2016-0714: The session-persistence implementation in Apache Tomcat\n mishandled session attributes, which allowed remote authenticated users\n to bypass intended SecurityManager restrictions and execute arbitrary\n code in a privileged context via a web application that places a crafted\n object in a session. (bsc#967964)\n * CVE-2016-0763: The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did\n not consider whether ResourceLinkFactory.setGlobalContext callers are\n authorized, which allowed remote authenticated users to bypass intended\n SecurityManager restrictions and read or write to arbitrary application\n data, or cause a denial of service (application disruption), via a web\n application that sets a crafted global context. 
(bsc#967966)\n\n The full changes can be read on:\n <a rel=\"nofollow\" href=\"http://tomcat.apache.org/tomcat-8.0-doc/changelog.html\">http://tomcat.apache.org/tomcat-8.0-doc/changelog.html</a>\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "cvss3": {}, "published": "2016-03-23T18:09:46", "type": "suse", "title": "Security update for tomcat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2016-03-23T18:09:46", "id": "OPENSUSE-SU-2016:0865-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:51:43", "description": "This update for tomcat fixes the following issues:\n\n Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security\n issues.\n\n Fixed security issues:\n\n * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in\n Apache Tomcat allowed remote authenticated users to bypass intended\n SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a\n getResource, getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967)\n * CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when\n different session settings are used for deployments of multiple versions\n of the same web application, might have allowed remote attackers to\n hijack web sessions by leveraging use of a requestedSessionSSL field\n for an unintended request, related to CoyoteAdapter.java and\n Request.java. 
(bsc#967814)\n * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects\n before considering security constraints and Filters, which allowed\n remote attackers to determine the existence of a directory via a URL\n that lacks a trailing / (slash) character. (bsc#967965)\n * CVE-2015-5351: The (1) Manager and (2) Host Manager applications in\n Apache Tomcat established sessions and send CSRF tokens for arbitrary\n new requests, which allowed remote attackers to bypass a CSRF protection\n mechanism by using a token. (bsc#967812)\n * CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties list, which\n allowed remote authenticated users to bypass intended SecurityManager\n restrictions and read arbitrary HTTP requests, and consequently\n discover session ID values, via a crafted web application. (bsc#967815)\n * CVE-2016-0714: The session-persistence implementation in Apache Tomcat\n mishandled session attributes, which allowed remote authenticated users\n to bypass intended SecurityManager restrictions and execute arbitrary\n code in a privileged context via a web application that places a crafted\n object in a session. (bsc#967964)\n * CVE-2016-0763: The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did\n not consider whether ResourceLinkFactory.setGlobalContext callers are\n authorized, which allowed remote authenticated users to bypass intended\n SecurityManager restrictions and read or write to arbitrary application\n data, or cause a denial of service (application disruption), via a web\n application that sets a crafted global context. 
(bsc#967966)\n\n The full changes can be read on:\n <a rel=\"nofollow\" href=\"http://tomcat.apache.org/tomcat-8.0-doc/changelog.html\">http://tomcat.apache.org/tomcat-8.0-doc/changelog.html</a>\n\n", "cvss3": {}, "published": "2016-03-15T15:12:43", "type": "suse", "title": "Security update for tomcat (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2016-03-15T15:12:43", "id": "SUSE-SU-2016:0769-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:13:39", "description": "This update for tomcat6 fixes the following issues:\n\n The version was updated from 6.0.41 to 6.0.45.\n\n Security issues fixed:\n\n * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in\n Apache Tomcat allowed remote authenticated users to bypass intended\n SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a\n getResource, getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967)\n * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects\n before considering security constraints and Filters, which allowed\n remote attackers to determine the existence of a directory via a URL\n that lacks a trailing / (slash) character. (bsc#967965)\n * CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties list, which\n allowed remote authenticated users to bypass intended SecurityManager\n restrictions and read arbitrary HTTP requests, and consequently\n discover session ID values, via a crafted web application. 
(bsc#967815)\n * CVE-2016-0714: The session-persistence implementation in Apache Tomcat\n mishandled session attributes, which allowed remote authenticated users\n to bypass intended SecurityManager restrictions and execute arbitrary\n code in a privileged context via a web application that places a crafted\n object in a session. (bsc#967964)\n\n", "cvss3": {}, "published": "2016-03-21T14:14:16", "type": "suse", "title": "Security update for tomcat6 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-0714", "CVE-2015-5345", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2016-03-21T14:14:16", "id": "SUSE-SU-2016:0839-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "atlassian": [{"lastseen": "2021-07-28T14:40:36", "description": "h3. Summary\r\n\r\nWe are currently on 8.0.17 and have already been bitten by a bug in it:\r\n\r\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=57476\r\n\r\nWe should upgrade to the latest to get the latest bugfixes.\r\n\r\nAlso, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager, which I believe we do not currently use.\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763\r\n\r\nHowever, these are related to other aspects of Tomcat:\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351 (probably doesn't affect us)\r\n\r\nUpdating Tomcat to one of these versions would appear to patch all of the above CVEs:\r\n\r\n* Apache Tomcat 9.0.0.M3\r\n* Apache Tomcat 8.0.32\r\n* Apache Tomcat 
7.0.68\r\n* Apache Tomcat 6.0.45\r\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-19T00:04:16", "type": "atlassian", "title": "Upgrade Tomcat to the latest 8.0.x release", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2019-03-28T00:20:10", "id": "ATLASSIAN:JRASERVER-59887", "href": "https://jira.atlassian.com/browse/JRASERVER-59887", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T19:00:35", "description": "h3. 
Summary\r\n\r\nWe are currently on 8.0.17 and have already been bitten by a bug in it:\r\n\r\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=57476\r\n\r\nWe should upgrade to the latest to get the latest bugfixes.\r\n\r\nAlso, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager, which I believe we do not currently use.\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763\r\n\r\nHowever, these are related to other aspects of Tomcat:\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351 (probably doesn't affect us)\r\n\r\nUpdating Tomcat to one of these versions would appear to patch all of the above CVEs:\r\n\r\n* Apache Tomcat 9.0.0.M3\r\n* Apache Tomcat 8.0.32\r\n* Apache Tomcat 7.0.68\r\n* Apache Tomcat 6.0.45\r\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-19T00:04:16", "type": "atlassian", "title": "Upgrade Tomcat to the latest 8.0.x release", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2016-10-13T22:58:20", "id": "ATLASSIAN:JRA-59887", "href": "https://jira.atlassian.com/browse/JRA-59887", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2023-12-03T15:39:11", "description": "h3. Summary\r\n\r\nWe are currently on 8.0.17 and have already been bitten by a bug in it:\r\n\r\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=57476\r\n\r\nWe should upgrade to the latest to get the latest bugfixes.\r\n\r\nAlso, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager, which I believe we do not currently use.\r\n\r\nhttps://vulners.com/cve/CVE-2015-5174\r\nhttps://vulners.com/cve/CVE-2016-0706\r\nhttps://vulners.com/cve/CVE-2016-0714\r\nhttps://vulners.com/cve/CVE-2016-0763\r\n\r\nHowever, these are related to other aspects of Tomcat:\r\n\r\nhttps://vulners.com/cve/CVE-2015-5345\r\nhttps://vulners.com/cve/CVE-2015-5346\r\nhttps://vulners.com/cve/CVE-2015-5351 (probably doesn't affect us)\r\n\r\nUpdating Tomcat to one of these versions would appear to patch all of the above CVEs:\r\n\r\n* Apache Tomcat 9.0.0.M3\r\n* Apache Tomcat 8.0.32\r\n* Apache Tomcat 7.0.68\r\n* Apache Tomcat 6.0.45\r\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-02-19T00:04:16", "type": 
"atlassian", "title": "Upgrade Tomcat to the latest 8.0.x release", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2019-03-28T00:20:10", "id": "JRASERVER-59887", "href": "https://jira.atlassian.com/browse/JRASERVER-59887", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-31T18:34:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:0865-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851257", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851257\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-24 06:15:25 +0100 (Thu, 24 Mar 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\",\n \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:0865-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security\n issues.\n\n Fixed security issues:\n\n * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in\n Apache Tomcat allowed remote authenticated users to bypass intended\n SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a\n getResource, getResourceAsStream, or getResourcePaths call, as\n demonstrated by the 
$CATALINA_BASE/webapps directory. (bsc#967967)\n\n * CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when\n different session settings are used for deployments of multiple versions\n of the same web application, might have allowed remote attackers to\n hijack web sessions by leveraging use of a requestedSessionSSL field\n for an unintended request, related to CoyoteAdapter.java and\n Request.java. (bsc#967814)\n\n * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects\n before considering security constraints and Filters, which allowed\n remote attackers to determine the existence of a directory via a URL\n that lacks a trailing / (slash) character. (bsc#967965)\n\n * CVE-2015-5351: The (1) Manager and (2) Host Manager applications in\n Apache Tomcat established sessions and send CSRF tokens for arbitrary\n new requests, which allowed remote attackers to bypass a CSRF protection\n mechanism by using a token. (bsc#967812)\n\n * CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties list, which\n allowed remote authenticated users to bypass intended SecurityManager\n restrictions and read arbitrary HTTP requests, and consequently\n discover session ID values, via a crafted web application. (bsc#967815)\n\n * CVE-2016-0714: The session-persistence implementation in Apache Tomcat\n mishandled session attributes, which allowed remote authenticated users\n to bypass intended SecurityManager restrictions and execute arbitrary\n code in a privileged context via a web application that places a crafted\n object in a session. 
(bsc#967964)\n\n * CVE-2016-0763: The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did\n not consider whether ResourceLinkFactory.setGlobalContext callers are\n authorized, which allowed remote authenticated users to bypass intended\n SecurityManager restrictions and read or write to arbitrary application\n data, or cause a denial of service (application disruption), via a web\n app ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0865-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.32~5.1\", 
rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.32~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:27", "description": "Mageia Linux Local Security Checks mgasa-2016-0090", "cvss3": {}, "published": "2016-03-03T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0090", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310131247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0090.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, 
http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131247\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-03 14:39:17 +0200 (Thu, 03 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0090\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0090.html\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local 
Security Checks mgasa-2016-0090\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.68~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"tomcat-native\", rpm:\"tomcat-native~1.1.34~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-19T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for tomcat (SUSE-SU-2016:0822-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851245", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851245\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-19 06:18:04 +0100 (Sat, 19 Mar 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\",\n \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for tomcat (SUSE-SU-2016:0822-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following security issues.\n\n Tomcat has been updated from 7.0.55 to 7.0.68.\n\n * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in\n Apache Tomcat allowed remote authenticated users to bypass intended\n SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a\n getResource, getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory. 
(bsc#967967)\n\n * CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when\n different session settings are used for deployments of multiple versions\n of the same web application, might have allowed remote attackers to\n hijack web sessions by leveraging use of a requestedSessionSSL field\n for an unintended request, related to CoyoteAdapter.java and\n Request.java. (bsc#967814)\n\n * CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects\n before considering security constraints and Filters, which allowed\n remote attackers to determine the existence of a directory via a URL\n that lacks a trailing / (slash) character. (bsc#967965)\n\n * CVE-2015-5351: The (1) Manager and (2) Host Manager applications in\n Apache Tomcat established sessions and send CSRF tokens for arbitrary\n new requests, which allowed remote attackers to bypass a CSRF protection\n mechanism by using a token. (bsc#967812)\n\n * CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties list, which\n allowed remote authenticated users to bypass intended SecurityManager\n restrictions and read arbitrary HTTP requests, and consequently\n discover session ID values, via a crafted web application. (bsc#967815)\n\n * CVE-2016-0714: The session-persistence implementation in Apache Tomcat\n mishandled session attributes, which allowed remote authenticated users\n to bypass intended SecurityManager restrictions and execute arbitrary\n code in a privileged context via a web application that places a crafted\n object in a session. 
(bsc#967964)\n\n * CVE-2016-0763: The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did\n not consider whether ResourceLinkFactory.setGlobalContext callers are\n authorized, which allowed remote authenticated users to bypass intended\n SecurityManager restrictions and read or write to arbitrary application\n data, or cause a denial of service (application disruption), via a web\n application that sets a crafted global ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"tomcat on SUSE Linux Enterprise Server 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:0822-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2_2-api\", rpm:\"tomcat-el-2_2-api~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", 
rpm:\"tomcat-javadoc~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_2-api\", rpm:\"tomcat-jsp-2_2-api~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_0-api\", rpm:\"tomcat-servlet-3_0-api~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.68~7.6.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-3024-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2016-3092", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2019-05-24T00:00:00", "id": "OPENVAS:1361412562310842823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat7 USN-3024-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842823\");\n script_version(\"2019-05-24T11:20:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-24 11:20:30 +0000 (Fri, 24 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-06 05:25:52 +0200 (Wed, 06 Jul 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\",\n \t\"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat7 USN-3024-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly\n handled pathnames used by web applications in a getResource, getResourceAsStream,\n or getResourcePaths call. A remote attacker could use this issue to possibly list\n a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS\n and Ubuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled\nredirects. A remote attacker could use this issue to determine the\nexistence of a directory. 
This issue only affected Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)\n\nIt was discovered that Tomcat incorrectly handled different session\nsettings when multiple versions of the same web application was deployed. A\nremote attacker could possibly use this issue to hijack web sessions. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346)\n\nIt was discovered that the Tomcat Manager and Host Manager applications\nincorrectly handled new requests. A remote attacker could possibly use this\nissue to bypass CSRF protection mechanisms. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on the\nRestrictedServlets list. A remote attacker could possibly use this issue to\nread arbitrary HTTP requests, including session ID values. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10.\n(CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation\nincorrectly handled session attributes. A remote attacker could possibly\nuse this issue to execute arbitrary code in a privileged context. This\nissue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10.\n(CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly\nchecked if callers were authorized. A remote attacker could possibly use\nthis issue to read or write to arbitrary application data, or cause a denial\nof service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly handled\ncertain upload requests. A remote attacker could possibly use this issue to\ncause a denial of service. 
(CVE-2016-3092)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3024-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3024-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.6\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.68-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.64-1ubuntu0.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, 
{"lastseen": "2020-03-17T22:58:22", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-03-31T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-679)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2016-0763", "CVE-2015-5346", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120669", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120669", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120669\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:02:12 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-679)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Apache Tomcat. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat8 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-679.html\");\n script_cve_id(\"CVE-2016-0763\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0714\", \"CVE-2016-0706\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8\", rpm:\"tomcat8~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-javadoc\", rpm:\"tomcat8-javadoc~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-docs-webapp\", rpm:\"tomcat8-docs-webapp~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-servlet-3.1-api\", rpm:\"tomcat8-servlet-3.1-api~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-admin-webapps\", rpm:\"tomcat8-admin-webapps~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-lib\", 
rpm:\"tomcat8-lib~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-jsp-2.3-api\", rpm:\"tomcat8-jsp-2.3-api~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-webapps\", rpm:\"tomcat8-webapps~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-log4j\", rpm:\"tomcat8-log4j~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-el-3.0-api\", rpm:\"tomcat8-el-3.0-api~8.0.32~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:31", "description": "Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial\nof service.", "cvss3": {}, "published": "2016-07-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3609-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2016-3092", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703609", "href": "http://plugins.openvas.org/nasl.php?oid=703609", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3609.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3609-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective 
author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703609);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\",\n \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_name(\"Debian Security Advisory DSA 3609-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-07-07 16:51:37 +0530 (Thu, 07 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3609.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n 
script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet\nand the JavaServer Pages (JSP)\nspecifications from Oracle, and provides a 'pure Java' HTTP web\nserver environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.0.36-1.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial\nof service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", 
ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:34:57", "description": "Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial\nof service.", "cvss3": {}, "published": "2016-07-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3609-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2016-3092", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703609", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3609.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3609-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703609\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\",\n \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_name(\"Debian Security Advisory DSA 3609-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-07 16:51:37 +0530 (Thu, 07 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3609.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.0.36-1.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities 
have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial\nof service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T22:55:07", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-03-31T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", 
"CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120670", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120670", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120670\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:02:13 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-680)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Apache Tomcat. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat7 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-680.html\");\n script_cve_id(\"CVE-2016-0763\", \"CVE-2015-5351\", \"CVE-2015-5345\", \"CVE-2016-0714\", \"CVE-2016-0706\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-servlet-3.0-api\", rpm:\"tomcat7-servlet-3.0-api~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-jsp-2.2-api\", rpm:\"tomcat7-jsp-2.2-api~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-admin-webapps\", rpm:\"tomcat7-admin-webapps~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-lib\", rpm:\"tomcat7-lib~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-docs-webapp\", rpm:\"tomcat7-docs-webapp~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-webapps\", 
rpm:\"tomcat7-webapps~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-log4j\", rpm:\"tomcat7-log4j~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7\", rpm:\"tomcat7~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-javadoc\", rpm:\"tomcat7-javadoc~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-el-2.2-api\", rpm:\"tomcat7-el-2.2-api~7.0.68~1.15.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:49:21", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2016-1054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2016-3092", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220161054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161054", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1054\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:41:14 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2016-1054)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1054\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1054\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2016-1054 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 
6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.(CVE-2015-5174)\n\nThe Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.(CVE-2015-5345)\n\nThe (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.(CVE-2015-5351)\n\nApache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.(CVE-2016-0706)\n\nThe session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.(CVE-2016-0714)\n\nThe setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does 
not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.(CVE-2016-0763)\n\nThe MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.(CVE-2016-3092)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.", "cvss3": {}, "published": "2016-04-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3552-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2014-0119", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706", "CVE-2014-0096"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703552", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3552.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3552-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703552\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2014-0096\", \"CVE-2014-0119\", \"CVE-2015-5174\", \"CVE-2015-5345\",\n \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-0763\");\n script_name(\"Debian Security Advisory DSA 3552-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-17 00:00:00 +0200 (Sun, 17 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3552.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8|9)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 7.0.28-4+deb7u4. 
This update also fixes\nCVE-2014-0119 and CVE-2014-0096 .\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version\nusing the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", 
ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:56:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2016:2599-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2016-3092", "CVE-2015-5345", "CVE-2016-0763", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871701", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871701\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:30 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\",\n \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2016:2599-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n * A CSRF flaw was found in Tomcat's the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. 
(CVE-2015-5351)\n\n * It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n * A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n * A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n * A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..' in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call. (CVE-2015-5174)\n\n * It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n * It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. 
(CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"tomcat on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2599-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00035.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", 
rpm:\"tomcat-servlet-3.0-api~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T22:56:13", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-03-31T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-681)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0714", "CVE-2015-5345", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120671", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120671\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:02:14 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-681)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Apache Tomcat. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat6 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-681.html\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0714\", \"CVE-2016-0706\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", 
rpm:\"tomcat6-jsp-2.1-api~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.45~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:07", "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.", "cvss3": {}, "published": "2016-04-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3552-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2014-0119", "CVE-2015-5346", "CVE-2015-5174", 
"CVE-2016-0706", "CVE-2014-0096"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703552", "href": "http://plugins.openvas.org/nasl.php?oid=703552", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3552.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3552-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703552);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2014-0096\", \"CVE-2014-0119\", \"CVE-2015-5174\", \"CVE-2015-5345\",\n \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-0763\");\n script_name(\"Debian Security Advisory DSA 3552-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-04-17 00:00:00 +0200 (Sun, 17 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3552.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet\nand the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a\n'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 7.0.28-4+deb7u4. 
This update also fixes\nCVE-2014-0119 and CVE-2014-0096 .\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version\nusing the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", 
ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-14T18:56:03", "description": "Check the version of tomcat6", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2016:2045 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0714", "CVE-2015-5345", "CVE-2016-6325", "CVE-2016-5388", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882576", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882576\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-12 05:45:01 +0200 (Wed, 12 Oct 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2016:2045 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges.\n(CVE-2016-6325)\n\n * It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. 
(CVE-2016-0714)\n\n * It was discovered that tomcat used the value of the Proxy header from\nHTTP requests to initialize the HTTP_PROXY environment variable for CGI\nscripts, which in turn was incorrectly used by certain HTTP client\nimplementations to configure the proxy for outgoing HTTP requests. A remote\nattacker could possibly use this flaw to redirect HTTP requests performed\nby a CGI script to an attacker-controlled proxy via a malicious HTTP\nrequest. (CVE-2016-5388)\n\n * A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..' in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps\ndirectory. (CVE-2015-5174)\n\n * It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n * It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product\nSecurity.\n\nBug Fix(es):\n\n * Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum,\nsize, and mtime attributes were compared to the file's attributes at\ninstallation time. Because these attributes change after the service is\nstarted, the 'rpm -V' command previously failed. 
largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703530\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2013-4286\", \"CVE-2013-4322\", \"CVE-2013-4590\", \"CVE-2014-0033\",\n \"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\",\n \"CVE-2014-0227\", \"CVE-2014-0230\", \"CVE-2014-7810\", \"CVE-2015-5174\",\n \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\",\n \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_name(\"Debian Security Advisory DSA 3530-1 (tomcat6 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 00:00:00 +0100 (Fri, 25 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3530.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone 
Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"tomcat6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 6.0.45+dfsg-1~deb7u1.\n\nWe recommend that you upgrade your tomcat6 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have\nbeen fixed in the Tomcat servlet and JSP engine, which may result on bypass of\nsecurity manager restrictions, information disclosure, denial of service or session\nfixation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.4-java\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-extras\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.45+dfsg-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:22", "description": "This host is installed with Apache Tomcat\n and is prone to a Session Fixation Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Session Fixation Vulnerability - Feb16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5346"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_session_fixation_vuln_win.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Session Fixation Vulnerability - Feb16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807409\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2015-5346\");\n script_bugtraq_id(83323);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 11:25:47 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Session Fixation Vulnerability - Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to a Session Fixation Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to insufficient recycling of the\n requestedSessionSSL field.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to hijack web sessions by leveraging use of a requestedSessionSSL\n field for an unintended request.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.5 before 7.0.66,\n 8.0.0.RC1 before 8.0.31, and 9.0.0.M1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.66 or\n 8.0.32 or 9.0.0.M3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n 
script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[7-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0.5\", test_version2:\"7.0.65\"))\n {\n fix = \"7.0.66\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.30\"))\n {\n fix = \"8.0.31\";\n VULN = TRUE;\n }\n\n if(version_is_equal(version:appVer, test_version:\"9.0.0.M1\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:43", "description": "This host is installed with Apache Tomcat\n and is prone to Limited Directory Traversal Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Limited Directory Traversal Vulnerability - Feb16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807411", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_limited_directory_traversal_vuln_lin.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Limited Directory Traversal Vulnerability - Feb16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807411\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2015-5174\");\n script_bugtraq_id(83329);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 14:39:41 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Limited Directory Traversal Vulnerability - Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to Limited Directory Traversal Vulnerability.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper validation of\n path while accessing resources via the ServletContext methods getResource(),\n getResourceAsStream() and getResourcePaths() the paths should be limited to\n the current web application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n authenticated users to bypass intended SecurityManager restrictions and\n list a parent directory.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 6.x before 6.0.45,\n 7.x before 7.0.65, and 8.0.0.RC1 before 8.0.27 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.45 or 7.0.65 or\n 8.0.27 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-8]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.44\"))\n {\n fix = \"6.0.45\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.64\"))\n {\n fix = \"7.0.65\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0\", test_version2:\"8.0.26\"))\n {\n fix = \"8.0.27\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:40", "description": "This host is installed with Apache Tomcat\n and is prone to a Session Fixation Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Session Fixation Vulnerability - Feb16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5346"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807413", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_session_fixation_vuln_lin.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Session Fixation Vulnerability - Feb16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807413\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2015-5346\");\n script_bugtraq_id(83323);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 14:42:54 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Session Fixation Vulnerability - Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to a Session Fixation Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to insufficient recycling of the\n requestedSessionSSL field.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to hijack web sessions by leveraging use of a requestedSessionSSL\n field for an unintended request.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.5 before 7.0.66,\n 8.0.0.RC1 before 8.0.31, and 9.0.0.M1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.66 or\n 8.0.32 or 9.0.0.M3 or later.\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[7-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0.5\", test_version2:\"7.0.65\"))\n {\n fix = \"7.0.66\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.30\"))\n {\n fix = \"8.0.32\";\n VULN = TRUE;\n }\n\n if(version_is_equal(version:appVer, test_version:\"9.0.0.M1\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "description": "This host is installed with Apache Tomcat\n and is prone to Directory Disclosure Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Directory Disclosure Vulnerability - Feb16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345"], "modified": 
"2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_directory_disclosure_vuln_win.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Directory Disclosure Vulnerability - Feb16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807407\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2015-5345\");\n script_bugtraq_id(83328);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 11:25:47 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Directory Disclosure Vulnerability - Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed 
with Apache Tomcat\n and is prone to Directory Disclosure Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper accessing a\n directory protected by a security constraint with a URL that did not end in\n a slash.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote\n attackers to determine the existence of a directory.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 6.x before 6.0.45,\n 7.x before 7.0.67, 8.0.0.RC1 before 8.0.30, and 9.0.0.M1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.45 or 7.0.67 or\n 8.0.30 or 9.0.0.M3 later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=58765\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-8]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.44\"))\n {\n fix = \"6.0.45\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.66\"))\n {\n fix = \"7.0.67\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.29\"))\n {\n fix = \"8.0.30\";\n VULN = TRUE;\n }\n\n if(version_is_equal(version:appVer, test_version:\"9.0.0.M1\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:11", "description": "This host is installed with Apache Tomcat\n and is prone to Directory Disclosure Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Directory Disclosure Vulnerability - Feb16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807412", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_directory_disclosure_vuln_lin.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Directory Disclosure Vulnerability - Feb16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807412\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2015-5345\");\n script_bugtraq_id(83328);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 14:41:53 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Directory Disclosure Vulnerability - Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to Directory Disclosure Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper accessing a\n directory protected by a security constraint with a URL that did not end in\n a slash.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote\n attackers to determine the existence of a directory.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 6.x before 6.0.45,\n 7.x before 7.0.67, 8.0.0.RC1 before 8.0.30, and 9.0.0.M1 on Linux.\");\n\n 
script_tag(name:\"solution\", value:\"Upgrade to version 6.0.45 or 7.0.67 or\n 8.0.30 or 9.0.0.M3 later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=58765\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-8]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.44\"))\n {\n fix = \"6.0.45\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.66\"))\n {\n fix = \"7.0.67\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.29\"))\n {\n fix = \"8.0.30\";\n VULN = TRUE;\n }\n\n if(version_is_equal(version:appVer, test_version:\"9.0.0.M1\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-05T18:54:34", "description": "This host is installed with Apache Tomcat\n and is prone to CSRF Token Leak Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat CSRF Token Leak Vulnerability - Feb16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310807410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807410", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_csrf_token_leak_vuln_lin.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat CSRF Token Leak Vulnerability - Feb16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807410\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2015-5351\");\n script_bugtraq_id(83330);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 14:34:55 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat CSRF Token Leak Vulnerability - Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to CSRF Token Leak Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in index page\n of the Manager and Host Manager applications included a valid CSRF token when\n issuing a redirect .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass a CSRF protection mechanism by using a token.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.1 before 7.0.68,\n 8.0.0.RC1 before 8.0.32, and 9.0.0.M1 on Linux.\");\n\n script_tag(name:\"solution\", 
value:\"Upgrade to version 7.0.68, or 8.0.32 or\n 9.0.0.M3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[7-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0.1\", test_version2:\"7.0.67\"))\n {\n fix = \"7.0.68\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.30\"))\n {\n fix = \"8.0.32\";\n VULN = TRUE;\n }\n\n if(version_is_equal(version:appVer, test_version:\"9.0.0.M1\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:14", "description": "This host is installed with Apache Tomcat\n and is prone to Limited Directory Traversal Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Limited Directory 
Traversal Vulnerability - Feb16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_limited_directory_traversal_vuln_win.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Limited Directory Traversal Vulnerability - Feb16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807404\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2015-5174\");\n script_bugtraq_id(83329);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 11:25:47 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Limited Directory Traversal Vulnerability - Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to Limited Directory Traversal Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper validation of\n path while accessing resources via the ServletContext methods getResource(),\n getResourceAsStream() and getResourcePaths() the paths should be limited to\n the current web application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n authenticated users to bypass intended SecurityManager restrictions and\n list a parent directory.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 6.x before 6.0.45,\n 7.x before 7.0.65, and 8.0.0.RC1 before 8.0.27 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.45 or 7.0.65 or\n 8.0.27 or later.\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-8]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.44\"))\n {\n fix = \"6.0.45\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.64\"))\n {\n fix = \"7.0.65\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0\", test_version2:\"8.0.26\"))\n {\n fix = \"8.0.27\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:45", "description": "This host is installed with Apache Tomcat\n and is prone to Security Manager Bypass Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Manager Bypass Vulnerability - Feb16 
(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0763"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_security_manager_bypass_vuln_lin.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Security Manager Bypass Vulnerability - Feb16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807414\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2016-0763\");\n script_bugtraq_id(83326);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 14:43:49 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Security Manager Bypass Vulnerability - Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to Security Manager Bypass Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper validation of\n 'ResourceLinkFactory.setGlobalContext()' method and is accessible by web\n applications running under a security manager without any checks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n authenticated users to bypass intended SecurityManager restrictions and read\n or write to arbitrary application data, or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.0 before 7.0.68,\n 8.0.0.RC1 before 8.0.31, and 9.0.0.M1 before 9.0.0.M2 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.68 or\n 8.0.32 or 9.0.0.M3 or later.\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[7-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.67\"))\n {\n fix = \"7.0.68\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.30\"))\n {\n fix = \"8.0.32\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M2\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:54:31", "description": "This host is installed with Apache Tomcat\n and is prone to CSRF Token Leak Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat CSRF Token Leak Vulnerability - Feb16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2015-5351"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310807405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807405", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_csrf_token_leak_vuln_win.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat CSRF Token Leak Vulnerability - Feb16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807405\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2015-5351\");\n script_bugtraq_id(83330);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 11:25:47 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat CSRF Token Leak Vulnerability - Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This 
host is installed with Apache Tomcat\n and is prone to CSRF Token Leak Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in index page\n of the Manager and Host Manager applications included a valid CSRF token when\n issuing a redirect .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass a CSRF protection mechanism by using a token.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.1 before 7.0.68,\n 8.0.0.RC1 before 8.0.32, and 9.0.0.M1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.68, or 8.0.32 or\n 9.0.0.M3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[7-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0.1\", test_version2:\"7.0.67\"))\n {\n fix = \"7.0.68\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.31\"))\n {\n fix = \"8.0.32\";\n VULN = TRUE;\n }\n\n if(version_is_equal(version:appVer, test_version:\"9.0.0.M1\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:24", "description": "This host is installed with Apache Tomcat\n and is prone to Security Manager Bypass Vulnerability.", "cvss3": {}, "published": "2016-02-25T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Manager Bypass Vulnerability - Feb16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0763"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310807406", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807406", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_security_manager_bypass_vuln_win.nasl 2016-02-25 11:25:47 +0530 Feb$\n#\n# Apache Tomcat Security Manager Bypass Vulnerability - Feb16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807406\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2016-0763\");\n script_bugtraq_id(83326);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-25 11:25:47 +0530 (Thu, 25 Feb 2016)\");\n script_name(\"Apache Tomcat Security Manager Bypass Vulnerability - Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to Security Manager Bypass Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper validation of\n 'ResourceLinkFactory.setGlobalContext()' method and is accessible by web\n applications running under a security manager without any checks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n authenticated users to bypass intended SecurityManager restrictions and read\n or write to arbitrary application data, or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.0 before 7.0.68,\n 8.0.0.RC1 before 8.0.31, and 9.0.0.M1 
before 9.0.0.M2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.68 or\n 8.0.32 or 9.0.0.M3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[7-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.67\"))\n {\n fix = \"7.0.68\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.30\"))\n {\n fix = \"8.0.32\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M2\"))\n {\n fix = \"9.0.0.M3\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2021-11-07T10:50:50", "description": "### SUMMARY\n\nBlue Coat products that include affected versions of Apache Tomcat are susceptible to multiple 
vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to determine the existence of a directory that they are not authorized to view, and perform session fixation and CSRF attacks. An authenticated remote attacker, who can access the management interface and deploy a malicious web application, can also execute arbitrary code, impersonate authenticated clients, view the directory listing of the Apache Tomcat web applications directory, gain unauthorized read/write access to data owned by other deployed web applications, and disrupt other deployed web applications. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5345 | 6.1 | Upgrade to 6.1.22.1. \n \n \n\n**IntelligenceCenter (IC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5174, CVE-2015-5345, \nCVE-2016-0706, CVE-2016-0714 | 3.3 | Upgrade to 3.3.3.3. \n \n \n\n**IntelligenceCenter Data Collector (DC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 3.3 | Upgrade to a version of NetDialog NetX with fixes. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5345 | 1.11 and later | Not vulnerable, fixed in 1.11.1.1 \n1.5, 1.6, 1.7, 1.8, 1.9, 1.10 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5174, CVE-2015-5345, \nCVE-2015-5346, CVE-2016-0706, \nCVE-2016-0714, CVE-2016-0763 | 11.0 | Not available at this time \n10.0 | Not available at this time \n9.7 | Upgrade to later release with fixes. 
\n \n \n\nThe following products have a vulnerable version of Apache Tomcat, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5174, CVE-2015-5345, \nCVE-2015-5346, CVE-2016-0706, \nCVE-2016-0714, CVE-2016-0763 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \n6.6 | Upgrade to 6.6.5.8. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5174, CVE-2015-5345, \nCVE-2015-5346, CVE-2016-0706, \nCVE-2016-0714, CVE-2016-0763 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \n1.3 | Upgrade to 1.3.7.5. \n1.2 | Upgrade to later release with fixes \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5174, CVE-2015-5345, \nCVE-2015-5346, CVE-2016-0706, \nCVE-2016-0714, CVE-2016-0763 | 1.1 | Not available at this time \n \n### \nADDITIONAL PRODUCT INFORMATION\n\nBlue Coat products that use a native installation of Apache Tomcat but do not install or maintain it are not vulnerable to any of the CVEs in this Security Advisory. However, the underlying platform or application that installs and maintains Apache Tomcat may be vulnerable. Blue Coat urges customers using the Blue Coat HSM Agent for the SafeNet Luna SP to contact SafeNet for more information about these vulnerabilities.\n\nBlue Coat products do not enable or use all functionality within Apache Tomcat. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. 
However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763\n * **CAS:** CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763\n * **Director:** CVE-2015-5174, CVE-2016-0706, and CVE-2016-0714\n * **MTD:** CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763\n * **MC:** CVE-2015-5174, CVE-2015-5346, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nBlue Coat HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nK9 \nMalware Analysis Appliance \nNorman Shark Industrial Control System Protection \nNorman Shark Network Protection \nNorman Shark SCADA Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nReporter \nSecurity Analytics \nSSL Visibility \nUnified Agent \nWeb Isolation**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease contact Digital Guardian technical support regarding vulnerability information for DLP. 
\n \n\n\n### ISSUES\n\n**CVE-2015-5174** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 83329](<https://www.securityfocus.com/bid/83329>) / NVD: [CVE-2015-5174](<https://nvd.nist.gov/vuln/detail/CVE-2015-5174>) \n**Impact** | Information disclosure \n**Description** | A flaw in the ServletContext class allows a remote attacker to bypass security restrictions and obtain the directory listing of the Tomcat web applications directory. The attacker must be able to deploy a malicious web application to exploit the vulnerability. \n \n \n\n**CVE-2015-5345** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 83328](<https://www.securityfocus.com/bid/83328>) / NVD: [CVE-2015-5345](<https://nvd.nist.gov/vuln/detail/CVE-2015-5345>) \n**Impact** | Information disclosure \n**Description** | A flaw in the request redirect logic allows a remote attacker to determine the existence of a directory that the attacker is not authorized to view. \n \n \n\n**CVE-2015-5346** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 83323](<https://www.securityfocus.com/bid/83323>) / NVD: [CVE-2015-5346](<https://nvd.nist.gov/vuln/detail/CVE-2015-5346>) \n**Impact** | Session hijacking \n**Description** | A flaw in Request object recycling allows a remote attacker, who can force a client to use a recycled Request object, to perform a session fixation attack if the web application is configured to use the SSL session ID as the HTTP session ID. A successful session fixation attack allows the remote attacker to send malicious requests to the victim on behalf of an authenticated user. 
\n \n \n\n**CVE-2015-5351** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 83330](<https://www.securityfocus.com/bid/83330>) / NVD: [CVE-2015-5351](<https://nvd.nist.gov/vuln/detail/CVE-2015-5351>) \n**Impact** | Cross-site request forgery (CSRF) \n**Description** | A flaw in the Manager and Host Manager applications allows a remote attacker to obtain a valid CSRF token and use the token to perform a CSRF attack. \n \n \n\n**CVE-2016-0706** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 83324](<https://www.securityfocus.com/bid/83324>) / NVD: [CVE-2016-0706](<https://nvd.nist.gov/vuln/detail/CVE-2016-0706>) \n**Impact** | Information disclosure \n**Description** | A flaw in servlet restrictions allows a remote attacker to bypass security restrictions and obtain the currently processed HTTP request lines for all deployed web applications. The HTTP requests obtained include web application session IDs, which may allow the attacker to impersonate authenticated users of any deployed web application. The attacker must be able to deploy a malicious web application to exploit the vulnerability. \n \n \n\n**CVE-2016-0714** \n--- \n**Severity / CVSSv2** | Medium / 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 83327](<https://www.securityfocus.com/bid/83327>) / NVD: [CVE-2016-0714](<https://nvd.nist.gov/vuln/detail/CVE-2016-0714>) \n**Impact** | Code execution \n**Description** | A flaw in session persistence allows a remote attacker to bypass security restrictions and execute arbitrary code in a privileged context by passing a crafted object in a session. The attacker must be able to deploy a malicious web application to exploit the vulnerability. 
\n \n \n\n**CVE-2016-0763** \n--- \n**Severity / CVSSv2** | Medium / 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 83326](<https://www.securityfocus.com/bid/83326>) / NVD: [CVE-2016-0763](<https://nvd.nist.gov/vuln/detail/CVE-2016-0763>) \n**Impact** | Information disclosure, unauthorized modification of data, denial of service \n**Description** | A flaw in the ResourceLinkFactory class allows a remote attacker to bypass security restrictions and gain unauthorized read and write access to data owned by deployed web applications. The attacker can also disrupt deployed web applications, causing denial of service. The attacker must be able to deploy a malicious web application to exploit the vulnerability. \n \n### \nMITIGATION\n\nThese vulnerabilities can be exploited only through the management interfaces for all vulnerable products. Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities. \n \n\n\n### REFERENCES\n\nApache Tomcat 6 vulnerabilities - <https://tomcat.apache.org/security-6.html> \nApache Tomcat 7 vulnerabilities - <https://tomcat.apache.org/security-7.html> \nApache Tomcat 8 vulnerabilities - [https://tomcat.apache.org/security-8.html](<http://tomcat.apache.org/security-8.html>) \nApache Tomcat 9 vulnerabilities - [https://tomcat.apache.org/security-9.html](<http://tomcat.apache.org/security-8.html>) \n \n\n\n### REVISION\n\n2020-04-21 Advisory status moved to Closed. \n2019-10-03 Web Isolation is not vulnerable. \n2019-08-20 A fix for IntelligenceCenter Data Collector (DC) 3.3 will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes. \n2019-01-14 MC 2.0 and 2.1 are not vulnerable. \n2018-04-22 CAS 2.2 and 2.3 are not vulnerable. \n2017-11-07 MC 1.11 is not vulnerable because a fix is available in 1.11.1.1. 
A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fix. \n2017-11-06 ASG 6.7 is not vulnerable. \n2017-07-20 MC 1.10 is vulnerable to CVE-2015-5345. Exploiting the vulnerability does not have any security impact because MC does not have any non-public directories or web applications. A fix for CVE-2015-5345 in MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fix. \n2017-05-26 A fix for CAS 1.3 is available in 1.3.7.5. \n2017-05-19 A fix for ASG 6.6 is available in 6.6.5.8. \n2017-05-18 CAS 2.1 is not vulnerable because a fix is available in 2.1.1.1. \n2017-03-30 MC 1.9 is vulnerable to CVE-2015-5345. Exploiting the vulnerability does not have any security impact because MC does not have any non-public directories or web applications. \n2017-03-06 MC 1.8 is vulnerable to CVE-2015-5345. Exploiting the vulnerability does not have any security impact because MC does not have any non-public directories or web applications. \n2017-02-07 A fix for IntelligenceCenter is available in 3.3.3.3. \n2016-11-29 A fix for Director is available in 6.1.22.1. Customers should contact Digital Guardian regarding vulnerability information for DLP. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. MC 1.6 and 1.7 are vulnerable to CVE-2015-5345. Exploiting the vulnerability does not have any security impact because MC does not have any non-public directories or web applications. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-04-25 MTD 1.1 has vulnerable code for multiple CVEs, but is not vulnerable to known vectors of attack. \n2016-04-22 IntelligenceCenter 3.3 is vulnerable to CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714. \n2016-03-23 Previously it was reported that CAS 1.2 and 1.3 are vulnerable to CVE-2015-5345 and CVE-2015-5346. 
Further investigation shows that CAS 1.2 and 1.3 only have vulnerable code for these CVEs, but are not vulnerable to known vectors of attack. Fixes for these CVEs will still be included in the patches that are provided. \n2016-03-23 X-Series XOS 9.7 is vulnerable to CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2016-0706, CVE-2016-0714, and CVE-2016-0763. \n2016-03-17 IntelligenceCenter Data Collector is vulnerable to all CVEs. \n2016-03-15 initial public release\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-15T08:00:00", "type": "symantec", "title": "SA118 : February 2016 Apache Tomcat Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-05-04T21:57:36", "id": "SMNTC-1353", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-12-02T15:16:15", "description": "This update for tomcat fixes the following issues :\n\nTomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues.\n\nFixed security 
issues :\n\n - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967)\n\n - CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when different session settings are used for deployments of multiple versions of the same web application, might have allowed remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.\n (bsc#967814)\n\n - CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965)\n\n - CVE-2015-5351: The (1) Manager and (2) Host Manager applications in Apache Tomcat established sessions and send CSRF tokens for arbitrary new requests, which allowed remote attackers to bypass a CSRF protection mechanism by using a token. (bsc#967812)\n\n - CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. 
(bsc#967815)\n\n - CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964)\n\n - CVE-2016-0763: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.\n (bsc#967966)\n\nThe full changes can be read on:\nhttp://tomcat.apache.org/tomcat-8.0-doc/changelog.html\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-03-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-384.NASL", "href": "https://www.tenable.com/plugins/nessus/90136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90136);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-384)\");\n script_summary(english:\"Check for the openSUSE-2016-384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tomcat fixes the following issues :\n\nTomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security\nissues.\n\nFixed security issues :\n\n - CVE-2015-5174: Directory traversal vulnerability in\n RequestUtil.java in Apache Tomcat allowed remote\n authenticated users to bypass intended SecurityManager\n restrictions and list a parent directory via a /..\n (slash dot dot) in a pathname used by a web application\n in a getResource, getResourceAsStream, or\n getResourcePaths call, as demonstrated by the\n $CATALINA_BASE/webapps directory. 
(bsc#967967)\n\n - CVE-2015-5346: Session fixation vulnerability in Apache\n Tomcat when different session settings are used for\n deployments of multiple versions of the same web\n application, might have allowed remote attackers to\n hijack web sessions by leveraging use of a\n requestedSessionSSL field for an unintended request,\n related to CoyoteAdapter.java and Request.java.\n (bsc#967814)\n\n - CVE-2015-5345: The Mapper component in Apache Tomcat\n processes redirects before considering security\n constraints and Filters, which allowed remote attackers\n to determine the existence of a directory via a URL that\n lacks a trailing / (slash) character. (bsc#967965)\n\n - CVE-2015-5351: The (1) Manager and (2) Host Manager\n applications in Apache Tomcat established sessions and\n send CSRF tokens for arbitrary new requests, which\n allowed remote attackers to bypass a CSRF protection\n mechanism by using a token. (bsc#967812)\n\n - CVE-2016-0706: Apache Tomcat did not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties\n list, which allowed remote authenticated users to bypass\n intended SecurityManager restrictions and read arbitrary\n HTTP requests, and consequently discover session ID\n values, via a crafted web application. (bsc#967815)\n\n - CVE-2016-0714: The session-persistence implementation in\n Apache Tomcat mishandled session attributes, which\n allowed remote authenticated users to bypass intended\n SecurityManager restrictions and execute arbitrary code\n in a privileged context via a web application that\n places a crafted object in a session. 
(bsc#967964)\n\n - CVE-2016-0763: The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in\n Apache Tomcat did not consider whether\n ResourceLinkFactory.setGlobalContext callers are\n authorized, which allowed remote authenticated users to\n bypass intended SecurityManager restrictions and read or\n write to arbitrary application data, or cause a denial\n of service (application disruption), via a web\n application that sets a crafted global context.\n (bsc#967966)\n\nThe full changes can be read on:\nhttp://tomcat.apache.org/tomcat-8.0-doc/changelog.html\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/tomcat-8.0-doc/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967967\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif 
(release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-admin-webapps-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-docs-webapp-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-el-3_0-api-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-embed-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-javadoc-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsp-2_3-api-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsvc-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-lib-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-servlet-3_1-api-8.0.32-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-webapps-8.0.32-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:21:20", "description": "Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. 
A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss Web Server (RHSA-2016:1087)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd24", "p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd24-devel", "p-cpe:/a:redhat:enterprise_linux:httpd24-manual", "p-cpe:/a:redhat:enterprise_linux:httpd24-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap24", "p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html", "p-cpe:/a:redhat:enterprise_linux:mod_security-jws3", "p-cpe:/a:redhat:enterprise_linux:mod_security-jws3-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_session24", "p-cpe:/a:redhat:enterprise_linux:mod_ssl24", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", 
"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1087.NASL", "href": "https://www.tenable.com/plugins/nessus/91245", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1087. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91245);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_xref(name:\"RHSA\", value:\"2016:1087\");\n\n script_name(english:\"RHEL 6 : JBoss Web Server (RHSA-2016:1087)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. 
It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement\nfor Red Hat JBoss Web Server 3.0.2, and includes bug fixes and\nenhancements, which are documented in the Release Notes documented\nlinked to in the References.\n\nSecurity Fix(es) :\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was\nconfigured to use the SSL session ID as the HTTP session ID, an\nattacker could reuse a previously used session ID for further\nrequests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager\nand Host Manager applications. These applications included a valid\nCSRF token when issuing a redirect as a result of an unauthenticated\nrequest to the root of the web application. This token could then be\nused by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. 
(CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_security-jws3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_security-jws3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1087\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"jws-3\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_exists(rpm:\"httpd24-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-debuginfo-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-debuginfo-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-debuginfo-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-debuginfo-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-devel-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-devel-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-devel-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-devel-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-manual-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"httpd24-manual-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-tools-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-tools-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-tools-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-tools-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ldap24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ldap24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_proxy24_html-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_proxy24_html-2.4.6-61.ep7.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_security-jws3-2.8.0-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_security-jws3-2.8.0-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_security-jws3-debuginfo-2.8.0-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_security-jws3-debuginfo-2.8.0-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_session24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_session24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl24-2.4.6-61.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.59-50_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-8.0.18-61_patch_01.ep7.el6\")) flag++;\n 
if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-admin-webapps-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-docs-webapp-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-el-2.2-api-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-javadoc-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsp-2.3-api-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-lib-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-log4j-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-servlet-3.1-api-8.0.18-61_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-webapps-8.0.18-61_patch_01.ep7.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:23:05", "description": "It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. 
(CVE-2015-5345)\n\nIt was discovered that Tomcat incorrectly handled different session settings when multiple versions of the same web application was deployed. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346)\n\nIt was discovered that the Tomcat Manager and Host Manager applications incorrectly handled new requests. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. A remote attacker could possibly use this issue to read arbitrary HTTP requests, including session ID values.\nThis issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or write to arbitrary application data, or cause a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-3092).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-06T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-3024-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat7", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-user", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libservlet3.0-java"], "id": "UBUNTU_USN-3024-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3024-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91954);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2015-5174\",\n \"CVE-2015-5345\",\n \"CVE-2015-5346\",\n \"CVE-2015-5351\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\",\n \"CVE-2016-3092\"\n );\n script_xref(name:\"USN\", value:\"3024-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-3024-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that Tomcat incorrectly handled pathnames used by\nweb applications in a getResource, getResourceAsStream, or\ngetResourcePaths call. A remote attacker could use this issue to\npossibly list a parent directory . This issue only affected Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled\nredirects. A remote attacker could use this issue to determine the\nexistence of a directory. This issue only affected Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)\n\nIt was discovered that Tomcat incorrectly handled different session\nsettings when multiple versions of the same web application was\ndeployed. A remote attacker could possibly use this issue to hijack\nweb sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n15.10. (CVE-2015-5346)\n\nIt was discovered that the Tomcat Manager and Host Manager\napplications incorrectly handled new requests. A remote attacker could\npossibly use this issue to bypass CSRF protection mechanisms. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. 
(CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on\nthe RestrictedServlets list. A remote attacker could possibly use this\nissue to read arbitrary HTTP requests, including session ID values.\nThis issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu\n15.10. (CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation\nincorrectly handled session attributes. A remote attacker could\npossibly use this issue to execute arbitrary code in a privileged\ncontext. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS\nand Ubuntu 15.10. (CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly\nchecked if callers were authorized. A remote attacker could possibly\nuse this issue to read or write to arbitrary application data, or cause\na denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu\n14.04 LTS and Ubuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly\nhandled certain upload requests. A remote attacker could possibly use\nthis issue to cause a denial of service. (CVE-2016-3092).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3024-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5351\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-0714\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'libservlet3.0-java', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '14.04', 'pkgname': 'libtomcat7-java', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '14.04', 'pkgname': 'tomcat7', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '14.04', 'pkgname': 'tomcat7-admin', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '14.04', 'pkgname': 'tomcat7-common', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '14.04', 'pkgname': 'tomcat7-examples', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '14.04', 'pkgname': 'tomcat7-user', 'pkgver': '7.0.52-1ubuntu0.6'},\n {'osver': '16.04', 'pkgname': 'libservlet3.0-java', 'pkgver': '7.0.68-1ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'libtomcat7-java', 'pkgver': '7.0.68-1ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'tomcat7', 'pkgver': '7.0.68-1ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'tomcat7-admin', 'pkgver': '7.0.68-1ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'tomcat7-common', 'pkgver': '7.0.68-1ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'tomcat7-examples', 'pkgver': '7.0.68-1ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'tomcat7-user', 'pkgver': '7.0.68-1ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libservlet3.0-java / libtomcat7-java / tomcat7 / tomcat7-admin / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:20:32", "description": "Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. 
(CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. 
(CVE-2016-0706)", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "RHEL 7 : JBoss Web Server (RHSA-2016:1088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd24", "p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd24-devel", "p-cpe:/a:redhat:enterprise_linux:httpd24-manual", "p-cpe:/a:redhat:enterprise_linux:httpd24-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap24", "p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html", "p-cpe:/a:redhat:enterprise_linux:mod_security-jws3", "p-cpe:/a:redhat:enterprise_linux:mod_security-jws3-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_session24", "p-cpe:/a:redhat:enterprise_linux:mod_ssl24", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", 
"cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2016-1088.NASL", "href": "https://www.tenable.com/plugins/nessus/91246", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1088. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91246);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_xref(name:\"RHSA\", value:\"2016:1088\");\n\n script_name(english:\"RHEL 7 : JBoss Web Server (RHSA-2016:1088)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. 
It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement\nfor Red Hat JBoss Web Server 3.0.2, and includes bug fixes and\nenhancements, which are documented in the Release Notes document\nlinked to in the References.\n\nSecurity Fix(es) :\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was\nconfigured to use the SSL session ID as the HTTP session ID, an\nattacker could reuse a previously used session ID for further\nrequests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat's index pages for the Manager\nand Host Manager applications. These applications included a valid\nCSRF token when issuing a redirect as a result of an unauthenticated\nrequest to the root of the web application. This token could then be\nused by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. 
(CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_security-jws3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_security-jws3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1088\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL7\", rpm:\"jws-3\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_exists(rpm:\"httpd24-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-debuginfo-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-debuginfo-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-devel-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-devel-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-manual-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"httpd24-manual-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-tools-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-tools-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap24-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy24_html-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_security-jws3-2.8.0-7.GA.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_security-jws3-debuginfo-2.8.0-7.GA.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session24-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl24-2.4.6-61.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if 
(rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.59-50_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-admin-webapps-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-docs-webapp-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-el-2.2-api-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-javadoc-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsp-2.3-api-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-lib-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-log4j-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-servlet-3.1-api-8.0.18-61_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-webapps-8.0.18-61_patch_01.ep7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / 
httpd24-manual / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:57", "description": "Tomcat 6, an implementation of the Java Servlet and the JavaServer Pages (JSP) specifications and a pure Java web server environment, was affected by multiple security issues prior version 6.0.45.\n\nCVE-2015-5174 Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.\n\nCVE-2015-5345 The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.\n\nCVE-2015-5351 The Manager and Host Manager applications in Apache Tomcat establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.\n\nCVE-2016-0706 Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.\n\nCVE-2016-0714 The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote 
authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.\n\nCVE-2016-0763 The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.\n\nFor Debian 6 'Squeeze', these problems have been fixed in version 6.0.45-1~deb6u1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "Debian DLA-435-1 : tomcat6 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet2.4-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat6-java", "p-cpe:/a:debian:debian_linux:tomcat6", "p-cpe:/a:debian:debian_linux:tomcat6-admin", "p-cpe:/a:debian:debian_linux:tomcat6-common", "p-cpe:/a:debian:debian_linux:tomcat6-docs", "p-cpe:/a:debian:debian_linux:tomcat6-examples", "p-cpe:/a:debian:debian_linux:tomcat6-extras", "p-cpe:/a:debian:debian_linux:tomcat6-user", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-435.NASL", "href": "https://www.tenable.com/plugins/nessus/88996", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-435-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88996);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n\n script_name(english:\"Debian DLA-435-1 : tomcat6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomcat 6, an implementation of the Java Servlet and the JavaServer\nPages (JSP) specifications and a pure Java web server environment, was\naffected by multiple security issues prior version 6.0.45.\n\nCVE-2015-5174 Directory traversal vulnerability in RequestUtil.java in\nApache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before\n8.0.27 allows remote authenticated users to bypass intended\nSecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a\ngetResource, getResourceAsStream, or getResourcePaths call, as\ndemonstrated by the $CATALINA_BASE/webapps directory.\n\nCVE-2015-5345 The Mapper component in Apache Tomcat 6.x before 6.0.45,\n7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2\nprocesses redirects before considering security constraints and\nFilters, which allows remote attackers to determine the existence of a\ndirectory via a URL that lacks a trailing / (slash) character.\n\nCVE-2015-5351 The Manager and Host 
Manager applications in Apache\nTomcat establish sessions and send CSRF tokens for arbitrary new\nrequests, which allows remote attackers to bypass a CSRF protection\nmechanism by using a token.\n\nCVE-2016-0706 Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x\nbefore 8.0.31, and 9.x before 9.0.0.M2 does not place\norg.apache.catalina.manager.StatusManagerServlet on the org/apache\n/catalina/core/RestrictedServlets.properties list, which allows remote\nauthenticated users to bypass intended SecurityManager restrictions\nand read arbitrary HTTP requests, and consequently discover session ID\nvalues, via a crafted web application.\n\nCVE-2016-0714 The session-persistence implementation in Apache Tomcat\n6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x\nbefore 9.0.0.M2 mishandles session attributes, which allows remote\nauthenticated users to bypass intended SecurityManager restrictions\nand execute arbitrary code in a privileged context via a web\napplication that places a crafted object in a session.\n\nCVE-2016-0763 The setGlobalContext method in org/apache/naming/factory\n/ResourceLinkFactory.java in Apache Tomcat does not consider whether\nResourceLinkFactory.setGlobalContext callers are authorized, which\nallows remote authenticated users to bypass intended SecurityManager\nrestrictions and read or write to arbitrary application data, or cause\na denial of service (application disruption), via a web application\nthat sets a crafted global context.\n\nFor Debian 6 'Squeeze', these problems have been fixed in version\n6.0.45-1~deb6u1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/02/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/tomcat6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.4-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-extras\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtomcat6-java\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-admin\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-common\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"tomcat6-docs\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-examples\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-extras\", reference:\"6.0.45-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-user\", reference:\"6.0.45-1~deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:52", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 9.0.0.M3. It is, therefore, affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345)\n\n - A flaw exists due to a failure to invalidate a previous session ID when assigning an ID to a new session. An attacker can exploit this, via a crafted request that uses the requestedSessionSSL field to fixate the session ID, to ensure that the user authenticates with a known session ID, allowing the session to be subsequently hijacked. (CVE-2015-5346)\n\n - An information disclosure vulnerability exists in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An unauthenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351)\n\n - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. 
An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A flaw exists due to the setGlobalContext() method of ResourceLinkFactory being accessible to web applications even when run under a security manager. An unauthenticated, remote attacker can exploit this to inject malicious global context, allowing data owned by other web applications to be read or written to.\n (CVE-2016-0763)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "Apache Tomcat < 9.0.0.M3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2022-05-24T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_0_M3.NASL", "href": "https://www.tenable.com/plugins/nessus/121125", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121125);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2015-5345\",\n \"CVE-2015-5346\",\n \"CVE-2015-5351\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\"\n );\n\n script_name(english:\"Apache Tomcat < 9.0.0.M3 Multiple Vulnerabilities\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 9.0.0.M3. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability exists due to\n a failure to enforce access restrictions when handling\n directory requests that are missing trailing slashes. An\n unauthenticated, remote attacker can exploit this to\n enumerate valid directories. (CVE-2015-5345)\n\n - A flaw exists due to a failure to invalidate a previous\n session ID when assigning an ID to a new session. An\n attacker can exploit this, via a crafted request that\n uses the requestedSessionSSL field to fixate the session\n ID, to ensure that the user authenticates with a known\n session ID, allowing the session to be subsequently\n hijacked. (CVE-2015-5346)\n\n - An information disclosure vulnerability exists in the\n Manager and Host Manager web applications due to a flaw\n in the index page when issuing redirects in response to\n unauthenticated requests for the root directory of the\n application. An unauthenticated, remote attacker can\n exploit this to gain access to the XSRF token\n information stored in the index page. (CVE-2015-5351)\n\n - An information disclosure vulnerability exists that\n allows a specially crafted web application to load the\n StatusManagerServlet. An attacker can exploit this to\n gain unauthorized access to a list of all deployed\n applications and a list of the HTTP request lines for\n all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw\n in the StandardManager, PersistentManager, and cluster\n implementations that is triggered when handling\n persistent sessions. 
An unauthenticated, remote attacker\n can exploit this, via a crafted object in a session, to\n bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A flaw exists due to the setGlobalContext() method of\n ResourceLinkFactory being accessible to web applications\n even when run under a security manager. An\n unauthenticated, remote attacker can exploit this to\n inject malicious global context, allowing data owned by\n other web applications to be read or written to.\n (CVE-2016-0763)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77a5c04a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 9.0.0.M3 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5351\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-0714\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", 
value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed:\"9.0.0.M3\", min:\"9.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^9(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:22:54", "description": "The version of Apache Tomcat installed on the remote host is version 9.0.x prior to 9.0.0.M3. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345)\n - A flaw exists due to a failure to invalidate a previous session ID when assigning an ID to a new session. An attacker can exploit this, via a crafted request that uses the requestedSessionSSL field to fixate the session ID, to ensure that the user authenticates with a known session ID, allowing the session to be subsequently hijacked. (CVE-2015-5346)\n - An information disclosure vulnerability exists in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An unauthenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351)\n - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. 
An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code. (CVE-2016-0714)\n - A flaw exists due to the setGlobalContext() method of ResourceLinkFactory being accessible to web applications even when run under a security manager. An unauthenticated, remote attacker can exploit this to inject malicious global context, allowing data owned by other web applications to be read or written to. (CVE-2016-0763)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.x < 9.0.0.M3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2019-05-13T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700699.PASL", "href": "https://www.tenable.com/plugins/nnm/700699", "sourceData": "Binary data 700699.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:25", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.68. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. 
An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345)\n\n - An information disclosure vulnerability exists in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An unauthenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. Note that the Apache Tomcat advisory does not list Tomcat version 7.0.0 as affected by this vulnerability. (CVE-2015-5351)\n\n - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A flaw exists due to the setGlobalContext() method of ResourceLinkFactory being accessible to web applications even when run under a security manager. 
An unauthenticated, remote attacker can exploit this to inject malicious global context, allowing data owned by other web applications to be read or written to.\n (CVE-2016-0763)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-02-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.68 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_68.NASL", "href": "https://www.tenable.com/plugins/nessus/88936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88936);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-5345\",\n \"CVE-2015-5351\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\"\n );\n script_bugtraq_id(\n 83324,\n 83326,\n 83327,\n 83328,\n 83330\n );\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.68 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 7.0.x prior to 7.0.68. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to\n a failure to enforce access restrictions when handling\n directory requests that are missing trailing slashes. An\n unauthenticated, remote attacker can exploit this to\n enumerate valid directories. 
(CVE-2015-5345)\n\n - An information disclosure vulnerability exists in the\n Manager and Host Manager web applications due to a flaw\n in the index page when issuing redirects in response to\n unauthenticated requests for the root directory of the\n application. An unauthenticated, remote attacker can\n exploit this to gain access to the XSRF token\n information stored in the index page. Note that the\n Apache Tomcat advisory does not list Tomcat version\n 7.0.0 as affected by this vulnerability. (CVE-2015-5351)\n\n - An information disclosure vulnerability exists that\n allows a specially crafted web application to load the\n StatusManagerServlet. An attacker can exploit this to\n gain unauthorized access to a list of all deployed\n applications and a list of the HTTP request lines for\n all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw\n in the StandardManager, PersistentManager, and cluster\n implementations that is triggered when handling\n persistent sessions. An unauthenticated, remote attacker\n can exploit this, via a crafted object in a session, to\n bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A flaw exists due to the setGlobalContext() method of\n ResourceLinkFactory being accessible to web applications\n even when run under a security manager. 
An\n unauthenticated, remote attacker can exploit this to\n inject malicious global context, allowing data owned by\n other web applications to be read or written to.\n (CVE-2016-0763)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40843ffb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.68 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\ntomcat_check_version(fixed:\"7.0.68\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:22:19", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.", "cvss3": {}, "published": "2016-07-01T00:00:00", "type": "nessus", "title": "Debian DSA-3609-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3609.NASL", "href": "https://www.tenable.com/plugins/nessus/91906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3609. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91906);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_xref(name:\"DSA\", value:\"3609\");\n\n script_name(english:\"Debian DSA-3609-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in information disclosure,\nthe bypass of CSRF protections, bypass of the SecurityManager or\ndenial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3609\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8.0.14-1+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:15:00", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.0.x prior to 8.0.32. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists due to a failure to invalidate a previous session ID when assigning an ID to a new session. An attacker can exploit this, via a crafted request that uses the requestedSessionSSL field to fixate the session ID, to ensure that the user authenticates with a known session ID, allowing the session to be subsequently hijacked. (CVE-2015-5346)\n\n - An information disclosure vulnerability exists in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An unauthenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351)\n\n - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. 
An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A flaw exists due to the setGlobalContext() method of ResourceLinkFactory being accessible to web applications even when run under a security manager. An unauthenticated, remote attacker can exploit this to inject malicious global context, allowing data owned by other web applications to be read or written to.\n (CVE-2016-0763)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-02-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.0.0.RC1 < 8.0.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_0_32.NASL", "href": "https://www.tenable.com/plugins/nessus/88937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88937);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-5346\",\n \"CVE-2015-5351\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\"\n );\n script_bugtraq_id(\n 83323,\n 83324,\n 83326,\n 83327,\n 83330\n );\n\n script_name(english:\"Apache Tomcat 8.0.0.RC1 < 8.0.32 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 8.0.x prior to 8.0.32. 
It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A flaw exists due to a failure to invalidate a previous\n session ID when assigning an ID to a new session. An\n attacker can exploit this, via a crafted request that\n uses the requestedSessionSSL field to fixate the session\n ID, to ensure that the user authenticates with a known\n session ID, allowing the session to be subsequently\n hijacked. (CVE-2015-5346)\n\n - An information disclosure vulnerability exists in the\n Manager and Host Manager web applications due to a flaw\n in the index page when issuing redirects in response to\n unauthenticated requests for the root directory of the\n application. An unauthenticated, remote attacker can\n exploit this to gain access to the XSRF token\n information stored in the index page. (CVE-2015-5351)\n\n - An information disclosure vulnerability exists that\n allows a specially crafted web application to load the\n StatusManagerServlet. An attacker can exploit this to\n gain unauthorized access to a list of all deployed\n applications and a list of the HTTP request lines for\n all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw\n in the StandardManager, PersistentManager, and cluster\n implementations that is triggered when handling\n persistent sessions. An unauthenticated, remote attacker\n can exploit this, via a crafted object in a session, to\n bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A flaw exists due to the setGlobalContext() method of\n ResourceLinkFactory being accessible to web applications\n even when run under a security manager. 
An\n unauthenticated, remote attacker can exploit this to\n inject malicious global context, allowing data owned by\n other web applications to be read or written to.\n (CVE-2016-0763)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.32\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6906ceb2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Although version 8.0.31 fixes these issues, that version was not\nofficially released, and the vendor recommends upgrading to 8.0.32 or\nlater.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\ntomcat_check_version(fixed:\"8.0.32\", min:\"8.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^8(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:59", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.(CVE-2015-5174)\n\n - The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.(CVE-2015-5345)\n\n - The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.(CVE-2015-5351)\n\n - Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to 
bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.(CVE-2016-0706)\n\n - The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.(CVE-2016-0714)\n\n - The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.(CVE-2016-0763)\n\n - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.(CVE-2016-3092)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1054.NASL", "href": "https://www.tenable.com/plugins/nessus/99816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99816);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-5174\",\n \"CVE-2015-5345\",\n \"CVE-2015-5351\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\",\n \"CVE-2016-3092\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1054)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Directory traversal vulnerability in RequestUtil.java\n in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65,\n and 8.x before 8.0.27 
allows remote authenticated users\n to bypass intended SecurityManager restrictions and\n list a parent directory via a /.. (slash dot dot) in a\n pathname used by a web application in a getResource,\n getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps\n directory.(CVE-2015-5174)\n\n - The Mapper component in Apache Tomcat 6.x before\n 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x\n before 9.0.0.M2 processes redirects before considering\n security constraints and Filters, which allows remote\n attackers to determine the existence of a directory via\n a URL that lacks a trailing / (slash)\n character.(CVE-2015-5345)\n\n - The (1) Manager and (2) Host Manager applications in\n Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and\n 9.x before 9.0.0.M2 establish sessions and send CSRF\n tokens for arbitrary new requests, which allows remote\n attackers to bypass a CSRF protection mechanism by\n using a token.(CVE-2015-5351)\n\n - Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x\n before 8.0.31, and 9.x before 9.0.0.M2 does not place\n org.apache.catalina.manager.StatusManagerServlet on the\n org/apache/catalina/core/RestrictedServlets.properties\n list, which allows remote authenticated users to bypass\n intended SecurityManager restrictions and read\n arbitrary HTTP requests, and consequently discover\n session ID values, via a crafted web\n application.(CVE-2016-0706)\n\n - The session-persistence implementation in Apache Tomcat\n 6.x before 6.0.45, 7.x before 7.0.68, 8.x before\n 8.0.31, and 9.x before 9.0.0.M2 mishandles session\n attributes, which allows remote authenticated users to\n bypass intended SecurityManager restrictions and\n execute arbitrary code in a privileged context via a\n web application that places a crafted object in a\n session.(CVE-2016-0714)\n\n - The setGlobalContext method in\n org/apache/naming/factory/ResourceLinkFactory.java in\n Apache Tomcat 7.x before 7.0.68, 8.x before 
8.0.31, and\n 9.x before 9.0.0.M3 does not consider whether\n ResourceLinkFactory.setGlobalContext callers are\n authorized, which allows remote authenticated users to\n bypass intended SecurityManager restrictions and read\n or write to arbitrary application data, or cause a\n denial of service (application disruption), via a web\n application that sets a crafted global\n context.(CVE-2016-0763)\n\n - The MultipartStream class in Apache Commons Fileupload\n before 1.3.2, as used in Apache Tomcat 7.x before\n 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x\n before 9.0.0.M7 and other products, allows remote\n attackers to cause a denial of service (CPU\n consumption) via a long boundary string.(CVE-2016-3092)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?79790207\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ 
\"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-10\",\n \"tomcat-admin-webapps-7.0.69-10\",\n \"tomcat-el-2.2-api-7.0.69-10\",\n \"tomcat-jsp-2.2-api-7.0.69-10\",\n \"tomcat-lib-7.0.69-10\",\n \"tomcat-servlet-3.0-api-7.0.69-10\",\n \"tomcat-webapps-7.0.69-10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:19:45", "description": "ResourceLinkFactory.setGlobalContext() is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. (CVE-2016-0763)\n\nA session fixation vulnerability was discovered that might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request when different session settings are used for deployments of multiple versions of the same web application. (CVE-2015-5346)\n\nThe Manager and Host Manager applications were discovered to establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. 
(CVE-2015-5351)\n\nThe session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714)\n\nIt was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.\n(CVE-2016-0706)", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-679)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-679.NASL", "href": "https://www.tenable.com/plugins/nessus/90272", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-679.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90272);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n 
script_xref(name:\"ALAS\", value:\"2016-679\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-679)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ResourceLinkFactory.setGlobalContext() is a public method and was\ndiscovered to be accessible by web applications running under a\nsecurity manager without any checks. This allowed a malicious web\napplication to inject a malicious global context that could in turn be\nused to disrupt other web applications and/or read and write data\nowned by other web applications. (CVE-2016-0763)\n\nA session fixation vulnerability was discovered that might allow\nremote attackers to hijack web sessions by leveraging use of a\nrequestedSessionSSL field for an unintended request when different\nsession settings are used for deployments of multiple versions of the\nsame web application. (CVE-2015-5346)\n\nThe Manager and Host Manager applications were discovered to establish\nsessions and send CSRF tokens for arbitrary new requests, which allows\nremote attackers to bypass a CSRF protection mechanism by using a\ntoken. (CVE-2015-5351)\n\nThe session-persistence implementation was discovered to mishandle\nsession attributes, which allows remote authenticated users to bypass\nintended SecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that places a crafted object\nin a session. 
(CVE-2016-0714)\n\nIt was discovered that\norg.apache.catalina.manager.StatusManagerServlet was not placed on the\norg/apache/catalina/core/RestrictedServlets.properties list, which\nallows remote authenticated users to bypass intended SecurityManager\nrestrictions and read arbitrary HTTP requests, and consequently\ndiscover session ID values, via a crafted web application.\n(CVE-2016-0706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-679.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/29\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"tomcat8-servlet-3.1-api-8.0.32-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.32-1.59.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:16:20", "description": "ResourceLinkFactory.setGlobalContext() is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. (CVE-2016-0763)\n\nThe Manager and Host Manager applications were discovered to establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. (CVE-2015-5351)\n\nThe Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345)\n\nThe session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. 
(CVE-2016-0714)\n\nIt was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.\n(CVE-2016-0706)", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2016-680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-680.NASL", "href": "https://www.tenable.com/plugins/nessus/90273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-680.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90273);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_xref(name:\"ALAS\", value:\"2016-680\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2016-680)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security 
update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ResourceLinkFactory.setGlobalContext() is a public method and was\ndiscovered to be accessible by web applications running under a\nsecurity manager without any checks. This allowed a malicious web\napplication to inject a malicious global context that could in turn be\nused to disrupt other web applications and/or read and write data\nowned by other web applications. (CVE-2016-0763)\n\nThe Manager and Host Manager applications were discovered to establish\nsessions and send CSRF tokens for arbitrary new requests, which allows\nremote attackers to bypass a CSRF protection mechanism by using a\ntoken. (CVE-2015-5351)\n\nThe Mapper component processes redirects before considering security\nconstraints and Filters, which allows remote attackers to determine\nthe existence of a directory via a URL that lacks a trailing / (slash)\ncharacter. (CVE-2015-5345)\n\nThe session-persistence implementation was discovered to mishandle\nsession attributes, which allows remote authenticated users to bypass\nintended SecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that places a crafted object\nin a session. 
(CVE-2016-0714)\n\nIt was discovered that\norg.apache.catalina.manager.StatusManagerServlet was not placed on the\norg/apache/catalina/core/RestrictedServlets.properties list, which\nallows remote authenticated users to bypass intended SecurityManager\nrestrictions and read arbitrary HTTP requests, and consequently\ndiscover session ID values, via a crafted web application.\n(CVE-2016-0706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-680.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/29\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"tomcat7-servlet-3.0-api-7.0.68-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.68-1.15.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:54", "description": "The following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69).\n\nSecurity Fix(es) :\n\n - A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.\n (CVE-2015-5351)\n\n - It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.\n (CVE-2016-0714)\n\n - A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n - A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n (CVE-2016-3092)\n\n - A directory traversal flaw was found in Tomcat's RequestUtil.java. 
A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.\n (CVE-2015-5174)\n\n - It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.\n (CVE-2015-5345)\n\n - It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.\n (CVE-2016-0706)\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95863);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69).\n\nSecurity Fix(es) :\n\n - A CSRF flaw was found in Tomcat's the index pages for\n the Manager and Host Manager applications. These\n applications included a valid CSRF token when issuing a\n redirect as a result of an unauthenticated request to\n the root of the web application. This token could then\n be used by an attacker to perform a CSRF attack.\n (CVE-2015-5351)\n\n - It was found that several Tomcat session persistence\n mechanisms could allow a remote, authenticated user to\n bypass intended SecurityManager restrictions and execute\n arbitrary code in a privileged context via a web\n application that placed a crafted object in a session.\n (CVE-2016-0714)\n\n - A security manager bypass flaw was found in Tomcat that\n could allow remote, authenticated users to access\n arbitrary application data, potentially resulting in a\n denial of service. 
(CVE-2016-0763)\n\n - A denial of service vulnerability was identified in\n Commons FileUpload that occurred when the length of the\n multipart boundary was just below the size of the buffer\n (4096 bytes) used to read the uploaded file if the\n boundary was the typical tens of bytes long.\n (CVE-2016-3092)\n\n - A directory traversal flaw was found in Tomcat's\n RequestUtil.java. A remote, authenticated user could use\n this flaw to bypass intended SecurityManager\n restrictions and list a parent directory via a '/..' in\n a pathname used by a web application in a getResource,\n getResourceAsStream, or getResourcePaths call.\n (CVE-2015-5174)\n\n - It was found that Tomcat could reveal the presence of a\n directory even when that directory was protected by a\n security constraint. A user could make a request to a\n directory via a URL not ending with a slash and,\n depending on whether Tomcat redirected that request,\n could confirm whether that directory existed.\n (CVE-2015-5345)\n\n - It was found that Tomcat allowed the\n StatusManagerServlet to be loaded by a web application\n when a security manager was configured. 
This allowed a\n web application to list all deployed web applications\n and expose sensitive information such as session IDs.\n (CVE-2016-0706)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=3481\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?379ee337\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.69-10.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:19:16", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.", "cvss3": {}, "published": "2016-04-18T00:00:00", "type": "nessus", "title": "Debian 
DSA-3552-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0096", "CVE-2014-0119", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3552.NASL", "href": "https://www.tenable.com/plugins/nessus/90552", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3552. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90552);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_xref(name:\"DSA\", value:\"3552\");\n\n script_name(english:\"Debian DSA-3552-1 : tomcat7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in information disclosure,\nthe bypass of CSRF protections and bypass of the SecurityManager.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0096\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3552\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat7 packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 7.0.28-4+deb7u4. This update also fixes CVE-2014-0119\nand CVE-2014-0096.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 7.0.56-3+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:42", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.45. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the getResource(), getResourceAsStream(), and getResourcePaths() ServletContext methods due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted path traversal request, to gain access to the listing of directory contents. (CVE-2015-5174)\n\n - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345)\n\n - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. 
An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-02-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_45.NASL", "href": "https://www.tenable.com/plugins/nessus/88935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88935);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-5174\",\n \"CVE-2015-5345\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\"\n );\n script_bugtraq_id(\n 83324,\n 83327,\n 83328,\n 83329\n );\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.x prior to 6.0.45. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n getResource(), getResourceAsStream(), and\n getResourcePaths() ServletContext methods due to a\n failure to properly sanitize user-supplied input. 
An\n unauthenticated, remote attacker can exploit this, via a\n crafted path traversal request, to gain access to the\n listing of directory contents. (CVE-2015-5174)\n\n - An information disclosure vulnerability exists due to\n a failure to enforce access restrictions when handling\n directory requests that are missing trailing slashes. An\n unauthenticated, remote attacker can exploit this to\n enumerate valid directories. (CVE-2015-5345)\n\n - An information disclosure vulnerability exists that\n allows a specially crafted web application to load the\n StatusManagerServlet. An attacker can exploit this to\n gain unauthorized access to a list of all deployed\n applications and a list of the HTTP request lines for\n all requests currently being processed. (CVE-2016-0706)\n\n - A security bypass vulnerability exists due to a flaw\n in the StandardManager, PersistentManager, and cluster\n implementations that is triggered when handling\n persistent sessions. An unauthenticated, remote attacker\n can exploit this, via a crafted object in a session, to\n bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.45\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?713d54e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.45 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0714\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\ntomcat_check_version(fixed:\"6.0.45\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:39", "description": "An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. 
It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. 
(CVE-2016-0706)", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : JBoss Web Server (RHSA-2016:2807)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-maven-devel", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2016-2807.NASL", "href": "https://www.tenable.com/plugins/nessus/95024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2807. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95024);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_xref(name:\"RHSA\", value:\"2016:2807\");\n\n script_name(english:\"RHEL 6 / 7 : JBoss Web Server (RHSA-2016:2807)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Web Server 2\nfor RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThis release of Red Hat JBoss Web Server 2.1.2 serves as a replacement\nfor Red Hat JBoss Web Server 2.1.1. It contains security fixes for the\nTomcat 7 component. Only users of the Tomcat 7 component in JBoss Web\nServer need to apply the fixes delivered in this release.\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager\nand Host Manager applications. These applications included a valid\nCSRF token when issuing a redirect as a result of an unauthenticated\nrequest to the root of the web application. This token could then be\nused by an attacker to perform a CSRF attack. 
(CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was\nconfigured to use the SSL session ID as the HTTP session ID, an\nattacker could reuse a previously used session ID for further\nrequests. (CVE-2015-5346)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. 
(CVE-2016-0706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3092\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-maven-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2807\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL7\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-maven-devel-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.54-23_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.54-23_patch_05.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", 
reference:\"tomcat7-lib-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-maven-devel-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.54-23_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.54-23_patch_05.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:10", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. 
(CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. 
(CVE-2016-0706)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2016:2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0230", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/95345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2599 and \n# CentOS Errata and Security Advisory 2016:2599 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95345);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0230\", \"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_xref(name:\"RHSA\", value:\"2016:2599\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2016:2599)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager\nand Host Manager applications. These applications included a valid\nCSRF token when issuing a redirect as a result of an unauthenticated\nrequest to the root of the web application. This token could then be\nused by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. 
A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003537.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0166ad6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0230\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-10.el7\")) flag++;\nif 
(rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-10.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:59", "description": "Mark Thomas reports :\n\n- CVE-2015-5345 Apache Tomcat Directory disclosure\n\n- CVE-2016-0706 Apache Tomcat Security Manager bypass\n\n- CVE-2016-0714 Apache Tomcat Security Manager Bypass", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (1f1124fe-de5c-11e5-8fa8-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2015-5346", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1F1124FEDE5C11E58FA814DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/89006", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89006);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2016-0706\", \"CVE-2016-0714\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (1f1124fe-de5c-11e5-8fa8-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mark Thomas reports :\n\n- CVE-2015-5345 Apache Tomcat Directory disclosure\n\n- CVE-2016-0706 Apache Tomcat Security Manager bypass\n\n- CVE-2016-0714 Apache Tomcat Security Manager Bypass\"\n );\n # http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?110db969\"\n );\n # http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF6A.70703@apache.org%3e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2344e1ab\"\n );\n # http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF4F.5090003@apache.org%3e\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7476e921\"\n );\n # https://vuxml.freebsd.org/freebsd/1f1124fe-de5c-11e5-8fa8-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b78ea45b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.68\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:16:20", "description": "A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nThe Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345)\n\nThe session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. 
(CVE-2016-0714)\n\nIt was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.\n(CVE-2016-0706)", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2016-681)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-681.NASL", "href": "https://www.tenable.com/plugins/nessus/90274", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-681.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90274);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\");\n script_xref(name:\"ALAS\", value:\"2016-681\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2016-681)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"A directory traversal vulnerability in RequestUtil.java was discovered\nwhich allows remote authenticated users to bypass intended\nSecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a\ngetResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nThe Mapper component processes redirects before considering security\nconstraints and Filters, which allows remote attackers to determine\nthe existence of a directory via a URL that lacks a trailing / (slash)\ncharacter. (CVE-2015-5345)\n\nThe session-persistence implementation was discovered to mishandle\nsession attributes, which allows remote authenticated users to bypass\nintended SecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that places a crafted object\nin a session. (CVE-2016-0714)\n\nIt was discovered that\norg.apache.catalina.manager.StatusManagerServlet was not placed on the\norg/apache/catalina/core/RestrictedServlets.properties list, which\nallows remote authenticated users to bypass intended SecurityManager\nrestrictions and read arbitrary HTTP requests, and consequently\ndiscover session ID values, via a crafted web application.\n(CVE-2016-0706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-681.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif 
(rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.45-1.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.45-1.4.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T14:58:09", "description": "From Red Hat Security Advisory 2016:2599 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. 
These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. 
(CVE-2016-0706)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2016-2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0230", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/94718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2599 and \n# Oracle Linux Security Advisory ELSA-2016-2599 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94718);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0230\", \"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_xref(name:\"RHSA\", value:\"2016:2599\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2016-2599)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2599 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager\nand Host Manager applications. These applications included a valid\nCSRF token when issuing a redirect as a result of an unauthenticated\nrequest to the root of the web application. This token could then be\nused by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. 
A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006483.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", 
reference:\"tomcat-jsp-2.2-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-10.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:00", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. 
(CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. 
(CVE-2016-0706)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2016:2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0230", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/94562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2599. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94562);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2014-0230\", \"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-3092\");\n script_xref(name:\"RHSA\", value:\"2016:2599\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2016:2599)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es) :\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager\nand Host Manager applications. These applications included a valid\nCSRF token when issuing a redirect as a result of an unauthenticated\nrequest to the root of the web application. This token could then be\nused by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. 
(CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. 
(CVE-2016-0706)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3092\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2599\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.69-10.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.69-10.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:28", "description": "Mark Thomas reports :\n\n- CVE-2015-5346 Apache Tomcat Session fixation\n\n- CVE-2015-5351 Apache Tomcat CSRF token leak\n\n- CVE-2016-0763 Apache Tomcat Security Manager Bypass", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (7bbc3016-de63-11e5-8fa8-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0763"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7BBC3016DE6311E58FA814DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/89010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database 
:\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89010);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0763\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (7bbc3016-de63-11e5-8fa8-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mark Thomas reports :\n\n- CVE-2015-5346 Apache Tomcat Session fixation\n\n- CVE-2015-5351 Apache Tomcat CSRF token leak\n\n- CVE-2016-0763 Apache Tomcat Security Manager Bypass\"\n );\n # http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?110db969\"\n );\n # http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF7B.1010901@apache.org%3e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?225525db\"\n );\n # http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEFB2.9030605@apache.org%3e\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?02925fee\"\n );\n # https://vuxml.freebsd.org/freebsd/7bbc3016-de63-11e5-8fa8-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2fac93dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.68\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:58", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. 
(CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. 
The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123)", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/93965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2045 and \n# CentOS Errata and Security Advisory 2016:2045 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93965);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n 
script_xref(name:\"RHSA\", value:\"2016:2045\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. 
(CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call, as demonstrated by the\n$CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's\nmd5sum, size, and mtime attributes were compared to the file's\nattributes at installation time. Because these attributes change after\nthe service is started, the 'rpm -V' command previously failed. With\nthis update, the attributes mentioned above are ignored in the RPM\nverification and the catalina.out file now passes the verification\ncheck. 
(BZ#1357123)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022119.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f51bb064\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6325\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:42", "description": "Security Fix(es) :\n\n - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. 
(CVE-2016-6325)\n\n - It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.\n (CVE-2016-0714)\n\n - It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n - A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.\n (CVE-2015-5174)\n\n - It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.\n (CVE-2015-5345)\n\n - It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.\n (CVE-2016-0706)\n\nBug Fix(es) :\n\n - Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. 
Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check.", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161010_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/94004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94004);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote 
Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the Tomcat packages installed\n certain configuration files read by the Tomcat\n initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application\n deployed on Tomcat could use this flaw to escalate their\n privileges. (CVE-2016-6325)\n\n - It was found that several Tomcat session persistence\n mechanisms could allow a remote, authenticated user to\n bypass intended SecurityManager restrictions and execute\n arbitrary code in a privileged context via a web\n application that placed a crafted object in a session.\n (CVE-2016-0714)\n\n - It was discovered that tomcat used the value of the\n Proxy header from HTTP requests to initialize the\n HTTP_PROXY environment variable for CGI scripts, which\n in turn was incorrectly used by certain HTTP client\n implementations to configure the proxy for outgoing HTTP\n requests. A remote attacker could possibly use this flaw\n to redirect HTTP requests performed by a CGI script to\n an attacker-controlled proxy via a malicious HTTP\n request. (CVE-2016-5388)\n\n - A directory traversal flaw was found in Tomcat's\n RequestUtil.java. A remote, authenticated user could use\n this flaw to bypass intended SecurityManager\n restrictions and list a parent directory via a '/..' in\n a pathname used by a web application in a getResource,\n getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory.\n (CVE-2015-5174)\n\n - It was found that Tomcat could reveal the presence of a\n directory even when that directory was protected by a\n security constraint. 
A user could make a request to a\n directory via a URL not ending with a slash and,\n depending on whether Tomcat redirected that request,\n could confirm whether that directory existed.\n (CVE-2015-5345)\n\n - It was found that Tomcat allowed the\n StatusManagerServlet to be loaded by a web application\n when a security manager was configured. This allowed a\n web application to list all deployed web applications\n and expose sensitive information such as session IDs.\n (CVE-2016-0706)\n\nBug Fix(es) :\n\n - Due to a bug in the tomcat6 spec file, the catalina.out\n file's md5sum, size, and mtime attributes were compared\n to the file's attributes at installation time. Because\n these attributes change after the service is started,\n the 'rpm -V' command previously failed. With this\n update, the attributes mentioned above are ignored in\n the RPM verification and the catalina.out file now\n passes the verification check.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=1313\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e4be176\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:32", "description": "According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.2.1075.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the bundled version of Apache Tomcat in the Manager and Host Manager web applications due 
to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An authenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351)\n\n - A remote code execution vulnerability exists in the JMXInvokerServlet interface due to improper validation of Java objects before deserialization. An authenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-7501)\n\n - A remote code execution vulnerability exists in the Framework subcomponent that allows an authenticated, remote attacker to execute arbitrary code.\n (CVE-2016-0635)\n\n - An information disclosure vulnerability exists in the bundled version of Apache Tomcat that allows a specially crafted web application to load the StatusManagerServlet. An authenticated, remote attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n\n - A remote code execution vulnerability exists in the bundled version of Apache Tomcat due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An authenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A security bypass vulnerability exists in the bundled version of Apache Tomcat due to a failure to consider whether ResourceLinkFactory.setGlobalContext callers are authorized. 
An authenticated, remote attacker can exploit this, via a web application that sets a crafted global context, to bypass intended SecurityManager restrictions and read or write to arbitrary application data or cause a denial of service condition.\n (CVE-2016-0763)", "cvss3": {}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 3.2.x < 3.2.2.1075 Multiple Vulnerabilities (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2015-7501", "CVE-2016-0635", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:oracle:mysql_enterprise_monitor"], "id": "MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL", "href": "https://www.tenable.com/plugins/nessus/96769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96769);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2015-5351\",\n \"CVE-2015-7501\",\n \"CVE-2016-0635\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\"\n );\n script_bugtraq_id(\n 78215,\n 83324,\n 83326,\n 83327,\n 83330,\n 91869\n );\n script_xref(name:\"CERT\", value:\"576313\");\n\n script_name(english:\"MySQL Enterprise Monitor 3.2.x < 3.2.2.1075 Multiple Vulnerabilities (January 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\napplication running on the remote host is 3.2.x prior to 3.2.2.1075.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n bundled version of Apache Tomcat in the Manager and Host\n Manager web 
applications due to a flaw in the index page\n when issuing redirects in response to unauthenticated\n requests for the root directory of the application. An\n authenticated, remote attacker can exploit this to gain\n access to the XSRF token information stored in the index\n page. (CVE-2015-5351)\n\n - A remote code execution vulnerability exists in the \n JMXInvokerServlet interface due to improper validation\n of Java objects before deserialization. An\n authenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2015-7501)\n\n - A remote code execution vulnerability exists in the\n Framework subcomponent that allows an authenticated,\n remote attacker to execute arbitrary code.\n (CVE-2016-0635)\n\n - An information disclosure vulnerability exists in the \n bundled version of Apache Tomcat that allows a specially\n crafted web application to load the\n StatusManagerServlet. An authenticated, remote attacker\n can exploit this to gain unauthorized access to a list\n of all deployed applications and a list of the HTTP\n request lines for all requests currently being\n processed. (CVE-2016-0706)\n\n - A remote code execution vulnerability exists in the\n bundled version of Apache Tomcat due to a flaw in the\n StandardManager, PersistentManager, and cluster\n implementations that is triggered when handling\n persistent sessions. An authenticated, remote attacker\n can exploit this, via a crafted object in a session, to\n bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A security bypass vulnerability exists in the bundled\n version of Apache Tomcat due to a failure to consider\n whether ResourceLinkFactory.setGlobalContext callers are\n authorized. 
An authenticated, remote attacker can\n exploit this, via a web application that sets a crafted\n global context, to bypass intended SecurityManager\n restrictions and read or write to arbitrary application\n data or cause a denial of service condition.\n (CVE-2016-0763)\");\n # https://dev.mysql.com/doc/relnotes/mysql-monitor/3.2/en/news-3-2-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b87d451\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1c38e52\");\n # https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c6d83db\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor version 3.2.2.1075 or later as\nreferenced in the January 2017 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7501\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/08\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_enterprise_monitor\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:18443);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nfix = \"3.2.2.1075\";\nvuln = FALSE;\nif (version =~ \"^3\\.2($|[^0-9])\" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n vuln = TRUE;;\n\nif (vuln)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report, xsrf:TRUE);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:07", "description": "From Red Hat Security Advisory 2016:2045 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as 
having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. 
A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. 
(BZ#1357123)", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/93947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2045 and \n# Oracle Linux Security Advisory ELSA-2016-2045 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93947);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2045\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2045 :\n\nAn update for tomcat6 is now available for Red Hat 
Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call, as demonstrated by the\n$CATALINA_BASE/webapps directory. 
(CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's\nmd5sum, size, and mtime attributes were compared to the file's\nattributes at installation time. Because these attributes change after\nthe service is started, the 'rpm -V' command previously failed. With\nthis update, the attributes mentioned above are ignored in the RPM\nverification and the catalina.out file now passes the verification\ncheck. 
(BZ#1357123)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006408.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:27", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. 
A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. 
(BZ#1357123)", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/93950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2045. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93950);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2045\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. 
(CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call, as demonstrated by the\n$CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's\nmd5sum, size, and mtime attributes were compared to the file's\nattributes at installation time. Because these attributes change after\nthe service is started, the 'rpm -V' command previously failed. 
With\nthis update, the attributes mentioned above are ignored in the RPM\nverification and the catalina.out file now passes the verification\ncheck. (BZ#1357123)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6325\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2045\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:33:25", "description": "The remote host is affected by the vulnerability described in GLSA-201705-09 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tomcat. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions.\n A local attacker, who is a tomcat’s system user or belongs to tomcat’s group, could potentially escalate privileges.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-05-18T00:00:00", "type": "nessus", "title": "GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-1240", "CVE-2016-3092", "CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648", "CVE-2017-5650", "CVE-2017-5651"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201705-09.NASL", "href": "https://www.tenable.com/plugins/nessus/100262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201705-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100262);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\", \"CVE-2016-1240\", \"CVE-2016-3092\", \"CVE-2016-8745\", \"CVE-2017-5647\", \"CVE-2017-5648\", \"CVE-2017-5650\", \"CVE-2017-5651\");\n script_xref(name:\"GLSA\", value:\"201705-09\");\n\n script_name(english:\"GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201705-09\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tomcat. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to cause a Denial of Service condition,\n obtain sensitive information, bypass protection mechanisms and\n authentication restrictions.\n A local attacker, who is a tomcat’s system user or belongs to\n tomcat’s group, could potentially escalate privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201705-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat users have to manually check their Tomcat runscripts\n to make sure that they don’t use an old, vulnerable runscript. 
In\n addition:\n All Apache Tomcat 7 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.70:7'\n All Apache Tomcat 8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-8.0.36:8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"ge 8.0.36\", \"ge 7.0.70\"), vulnerable:make_list(\"lt 8.0.36\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:33", "description": "Apache Tomcat 7.0.x before 7.0.68 or 8.0.x before 8.0.32 is affected by multiple vulnerabilities :\n\n - A flaw exists that is triggered as the 'ResourceLinkFactory.setGlobalContext()' method is accessible to web applications even when run under a security manager. This may potentially allow a context-dependent attacker to inject a malicious global context and read and write data owned by other web applications. (CVE-2016-0763)\n - A flaw exists in the index page of the Manager and Host Manager applications that is triggered when issuing redirects in response to unauthenticated requests to the root of the web application. This may allow a remote attacker to gain access to CSRF token information stored in the index page. 
(CVE-2015-5351)", "cvss3": {}, "published": "2016-05-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.68 / 8.0.x < 8.0.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0763"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9313.PRM", "href": "https://www.tenable.com/plugins/nnm/9313", "sourceData": "Binary data 9313.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:33", "description": "Apache Tomcat 6.0.x before 6.0.45, 7.0.x before 7.0.68, or 8.0.x before 8.0.32 is affected by multiple vulnerabilities :\n\n - A flaw exists that may allow a specially crafted web application to load the 'StatusManagerServlet' servlet. This may allow a context-dependent attacker to gain unauthorized access to \"a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed.\" (CVE-2016-0706)\n - A flaw exists in the StandardManager, PersistentManager, and cluster implementation that is triggered during the handling of persistent sessions. This may allow a remote attacker to bypass the security manager and use a specially crafted object in a session to execute arbitrary code. 
(CVE-2016-0714)", "cvss3": {}, "published": "2016-05-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.68 / 8.0.x < 8.0.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0706", "CVE-2016-0714"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9315.PRM", "href": "https://www.tenable.com/plugins/nnm/9315", "sourceData": "Binary data 9315.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:18:04", "description": "Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.", "cvss3": {}, "published": "2016-03-28T00:00:00", "type": "nessus", "title": "Debian DSA-3530-1 : tomcat6 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0033", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat6", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3530.NASL", "href": "https://www.tenable.com/plugins/nessus/90205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3530. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90205);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4286\", \"CVE-2013-4322\", \"CVE-2013-4590\", \"CVE-2014-0033\", \"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\", \"CVE-2014-0227\", \"CVE-2014-0230\", \"CVE-2014-7810\", \"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-0763\");\n script_xref(name:\"DSA\", value:\"3530\");\n\n script_name(english:\"Debian DSA-3530-1 : tomcat6 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been fixed in the Tomcat\nservlet and JSP engine, which may result on bypass of security manager\nrestrictions, information disclosure, denial of service or session\nfixation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3530\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat6 packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 6.0.45+dfsg-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", 
reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.45+dfsg-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:15:55", "description": "A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nA session fixation vulnerability was discovered that might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request when different session settings are used for deployments of multiple versions of the same web application. (CVE-2015-5346)\n\nIt was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. 
(CVE-2014-7810)", "cvss3": {}, "published": "2016-03-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2016-657)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5346"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-657.NASL", "href": "https://www.tenable.com/plugins/nessus/89838", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-657.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89838);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5174\", \"CVE-2015-5346\");\n script_xref(name:\"ALAS\", value:\"2016-657\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2016-657)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in RequestUtil.java was discovered\nwhich allows remote authenticated users to bypass intended\nSecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a\ngetResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nA session fixation 
vulnerability was discovered that might allow\nremote attackers to hijack web sessions by leveraging use of a\nrequestedSessionSSL field for an unintended request when different\nsession settings are used for deployments of multiple versions of the\nsame web application. (CVE-2015-5346)\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-657.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"tomcat7-log4j-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.67-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.67-1.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:18:21", "description": "A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nThe Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345)\n\nIt was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. 
(CVE-2014-7810)", "cvss3": {}, "published": "2016-03-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-658)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5345"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-658.NASL", "href": "https://www.tenable.com/plugins/nessus/89839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-658.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89839);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5174\", \"CVE-2015-5345\");\n script_xref(name:\"ALAS\", value:\"2016-658\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-658)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in RequestUtil.java was discovered\nwhich allows remote authenticated users to bypass intended\nSecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a\ngetResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nThe Mapper component 
processes redirects before considering security\nconstraints and Filters, which allows remote attackers to determine\nthe existence of a directory via a URL that lacks a trailing / (slash)\ncharacter. (CVE-2015-5345)\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-658.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"tomcat8-servlet-3.1-api-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.30-1.57.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:34", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.45 / 7.0.68 / 8.0.30. It is, therefore, affected by an information disclosure vulnerability:\n\n - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. 
(CVE-2015-5345)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-05-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.68 / 8.0.x < 8.0.30 Directory Traversal", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9316.PASL", "href": "https://www.tenable.com/plugins/nnm/9316", "sourceData": "Binary data 9316.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:36:45", "description": "The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345)\n\nImpact\n\nA remote at