Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)

2018-06-15T23:17:51

Description

## Summary Vulnerabilities have been addressed in the Apache Tomcat 6 component of IBM Cognos Metrics Manager. ## Vulnerability Details **CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) **CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. CVSS Base Score: 6.1 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) ## Affected Products and Versions * IBM Cognos Metrics Manager 10.2.2 * IBM Cognos Metrics Manager 10.2.1 * IBM Cognos Metrics Manager 10.2 * IBM Cognos Metrics Manager 10.1.1 ## Remediation/Fixes The recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. | Version| Interim Fix ---|---|--- IBM Cognos Metrics Manager| 10.2.2| [IBM Cognos Business Intelligence 10.2.2 Interim Fix 14 ](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>) IBM Cognos Metrics Manager| 10.2.1| [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>) IBM Cognos Metrics Manager| 10.2| [IBM Cognos Business Intelligence 10.2 Interim Fix 22](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>) IBM Cognos Metrics Manager| 10.1.1| [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>) ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	cognos business intelligence	10.1.1
	cognos business intelligence	10.2
	cognos business intelligence	10.2.1
	cognos business intelligence	10.2.2

{"id": "B192A38BFCB65C485CB834810BC072C9ED521B788476FAD8E67C2FE9EE26ACC2", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)", "description": "## Summary\n\nVulnerabilities have been addressed in the Apache Tomcat 6 component of IBM Cognos Metrics Manager. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\n * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n * IBM Cognos Metrics Manager 10.1.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. \n\n \n| Version| Interim Fix \n---|---|--- \nIBM Cognos Metrics Manager| 10.2.2| [IBM Cognos Business Intelligence 10.2.2 Interim Fix 14 ](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>) \nIBM Cognos Metrics Manager| 10.2.1| [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>) \nIBM Cognos Metrics Manager| 10.2| [IBM Cognos Business Intelligence 10.2 Interim Fix 22](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>) \nIBM Cognos Metrics Manager| 10.1.1| [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2018-06-15T23:17:51", "modified": "2018-06-15T23:17:51", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.7}, "href": "https://www.ibm.com/support/pages/node/293345", "reporter": "IBM", "references": [], "cvelist": ["CVE-2016-0762", "CVE-2016-6816"], "immutableFields": [], "lastseen": "2023-02-21T01:52:27", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-764", "ALAS-2016-776", "ALAS-2016-777", "ALAS-2016-778", "ALAS-2017-810"]}, {"type": "archlinux", "idList": ["ASA-201611-22"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-64394", "ATLASSIAN:JRASERVER-65102", "JRASERVER-64394", "JRASERVER-65102"]}, {"type": "centos", "idList": ["CESA-2017:0527", "CESA-2017:0935", "CESA-2017:2247"]}, {"type": "cve", "idList": ["CVE-2016-0762", "CVE-2016-6816", "CVE-2017-6056"]}, {"type": "debian", "idList": ["DEBIAN:DLA-728-1:A9D65", "DEBIAN:DLA-728-1:ECD0E", "DEBIAN:DLA-729-1:1B0B9", "DEBIAN:DLA-729-1:E931B", "DEBIAN:DLA-779-1:56F21", "DEBIAN:DLA-779-1:8029E", "DEBIAN:DSA-3720-1:0F2C1", "DEBIAN:DSA-3720-1:B5B38", "DEBIAN:DSA-3721-1:2B54A", "DEBIAN:DSA-3721-1:8336F", "DEBIAN:DSA-3738-1:66970", "DEBIAN:DSA-3738-1:EB221", "DEBIAN:DSA-3739-1:06429", "DEBIAN:DSA-3739-1:1BDAB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-0762", "DEBIANCVE:CVE-2016-6816", "DEBIANCVE:CVE-2017-6056"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1FA29992905DF6DC8A86680F66930B75"]}, {"type": "f5", "idList": ["F5:K36784855", "F5:K37337112", "F5:K50116122", "SOL36784855", "SOL50116122"]}, {"type": "fedora", "idList": ["FEDORA:125286087B00", "FEDORA:1472760748FE", "FEDORA:1DA54604D2A3", "FEDORA:2C5E66075D89", "FEDORA:8CEB2616D980", "FEDORA:C6B3F60776BE"]}, {"type": "freebsd", "idList": ["0B9AF110-D529-11E6-AE1B-002590263BF5", "3AE106E2-D521-11E6-AE1B-002590263BF5"]}, {"type": "github", "idList": ["GHSA-JC7P-5R39-9477", "GHSA-WXCP-F2C8-X6XV"]}, {"type": "hackerone", "idList": ["H1:244459", "H1:648434"]}, {"type": "ibm", "idList": ["029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "28A18420E3649FDF858FD17E31DB05BBDD69C54F5D7556386C5774F6FC5E065D", "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "3410E09FDCBC57E565C72083D3A630854D64B8490C9907FC7A07113F787F18CE", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "4CB5AEEB4566C85CB97CB5F4470481A16D1ECBA93395EFF72D6B83CAA77AD1F6", "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "55156FCD842A2CC421648C286DB79335E98E88FF88D30BADC857588FB7995139", "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "70549CC4BB1FA3369F5BC1EF01770F5CF2D9642AA2B34DE63805694D06A895CC", "70F04B9A5CE3FFBC33D36A32D999163F5334E04B121B116CCEE525F5C79AD71C", "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "83949293D531C3BC38D05B8E11F73860AE63D675A7ACD0FBACD46879F7DFA117", "85F4F9ABC26A141EA4CBD424EA8C33FAF00DCF970AA42D90F5EC572561A224B5", "8F63BC3CF4FFE8E56809705C71F9763152D76451EDAADBD199902983B8AC2975", "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B8AFBDF45AEF0460886E5F93AC90DAE8F281918FBE5E510F9AEB0E2A09E65A0A", "BBD0BB9278125E79B44348E7A6E2FDFBBE0FF4AC9E9184823B714AE94FCDD740", "BFC19961F4B2A71B650F919D0D8075421D25957A36A4487C121AAA7C17E478AF", "D27D7A3FAB54F4252945DE24C1BCEB0239D87CB0DB7641EF3375DE0B604D151D", "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D86FE44D98DA7C28FEC89271CF14D0D0C5B622A5A310D188BADF3A8D121163C7", "DA78D22BE98AAE3FAE7595498C22303F728B4F1A787F6AA2950D1A2B51579024", "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "F5CDE8C22C4BBC6BB7CBF97A440438D883CD649212412738F8629A2D4E07BCFD", "FCEDD547799AE384A4D749F6F180AE8594D14E825F787E185F25A3AC75A35F08", "FEA72A089D1755DA76737B39FD3BC90F9FC3011626C35A4FAFB48AD0A4D10189"]}, {"type": "mageia", "idList": ["MGASA-2016-0367", "MGASA-2016-0417"]}, {"type": "nessus", "idList": ["700668.PASL", "9721.PASL", "9723.PASL", "9906.PASL", "ALA_ALAS-2016-764.NASL", "ALA_ALAS-2016-776.NASL", "ALA_ALAS-2016-777.NASL", "ALA_ALAS-2016-778.NASL", "ALA_ALAS-2017-810.NASL", "CENTOS_RHSA-2017-0527.NASL", "CENTOS_RHSA-2017-0935.NASL", "CENTOS_RHSA-2017-2247.NASL", "DEBIAN_DLA-728.NASL", "DEBIAN_DLA-729.NASL", "DEBIAN_DLA-779.NASL", "DEBIAN_DSA-3720.NASL", "DEBIAN_DSA-3721.NASL", "DEBIAN_DSA-3738.NASL", "DEBIAN_DSA-3739.NASL", "EULEROS_SA-2017-1081.NASL", "EULEROS_SA-2017-1082.NASL", "EULEROS_SA-2017-1191.NASL", "EULEROS_SA-2017-1192.NASL", "F5_BIGIP_SOL50116122.NASL", "FEDORA_2016-38E5B05260.NASL", "FEDORA_2016-4094BD4AD6.NASL", "FEDORA_2016-98CCA07999.NASL", "FEDORA_2016-9C33466FBB.NASL", "FEDORA_2016-A98C560116.NASL", "FEDORA_2016-C1B01B9278.NASL", "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "FREEBSD_PKG_3AE106E2D52111E6AE1B002590263BF5.NASL", "NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL", "OPENSUSE-2016-1455.NASL", "OPENSUSE-2016-1456.NASL", "ORACLELINUX_ELSA-2017-0527.NASL", "ORACLELINUX_ELSA-2017-0935.NASL", "ORACLELINUX_ELSA-2017-2247.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "REDHAT-RHSA-2017-0244.NASL", "REDHAT-RHSA-2017-0245.NASL", "REDHAT-RHSA-2017-0246.NASL", "REDHAT-RHSA-2017-0250.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2017-0527.NASL", "REDHAT-RHSA-2017-0935.NASL", "REDHAT-RHSA-2017-2247.NASL", "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "SL_20170412_TOMCAT_ON_SL7_X.NASL", "SL_20170802_TOMCAT_ON_SL7_X.NASL", "TOMCAT_8_5_5.NASL", "TOMCAT_8_5_8.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3177-2.NASL", "UBUNTU_USN-4557-1.NASL", "VIRTUOZZO_VZLSA-2017-0527.NASL", "VIRTUOZZO_VZLSA-2017-0935.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703720", "OPENVAS:1361412562310703721", "OPENVAS:1361412562310703738", "OPENVAS:1361412562310703739", "OPENVAS:1361412562310810182", "OPENVAS:1361412562310810184", "OPENVAS:1361412562310810717", "OPENVAS:1361412562310810718", "OPENVAS:1361412562310810730", "OPENVAS:1361412562310811298", "OPENVAS:1361412562310811703", "OPENVAS:1361412562310843024", "OPENVAS:1361412562310843035", "OPENVAS:1361412562310851455", "OPENVAS:1361412562310851503", "OPENVAS:1361412562310871773", "OPENVAS:1361412562310871795", "OPENVAS:1361412562310871857", "OPENVAS:1361412562310871971", "OPENVAS:1361412562310872149", "OPENVAS:1361412562310872150", "OPENVAS:1361412562310872157", "OPENVAS:1361412562310882682", "OPENVAS:1361412562310882690", "OPENVAS:1361412562311220171081", "OPENVAS:1361412562311220171082", "OPENVAS:1361412562311220171191", "OPENVAS:1361412562311220171192", "OPENVAS:703720", "OPENVAS:703721", "OPENVAS:703738", "OPENVAS:703739"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0527", "ELSA-2017-0935", "ELSA-2017-2247"]}, {"type": "osv", "idList": ["OSV:DLA-728-1", "OSV:DLA-729-1", "OSV:DLA-779-1", "OSV:DSA-3720-1", "OSV:DSA-3721-1", "OSV:DSA-3738-1", "OSV:DSA-3739-1", "OSV:GHSA-JC7P-5R39-9477", "OSV:GHSA-WXCP-F2C8-X6XV"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141920"]}, {"type": "redhat", "idList": ["RHSA-2017:0244", "RHSA-2017:0245", "RHSA-2017:0246", "RHSA-2017:0247", "RHSA-2017:0250", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:0527", "RHSA-2017:0935", "RHSA-2017:2247"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-6816"]}, {"type": "seebug", "idList": ["SSV:92678"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3129-1", "OPENSUSE-SU-2016:3144-1", "SUSE-SU-2016:3079-1", "SUSE-SU-2016:3081-1", "SUSE-SU-2017:1632-1", "SUSE-SU-2017:1660-1"]}, {"type": "tomcat", "idList": ["TOMCAT:0DBA25EA40A6FEBF5FD9039D7F60718E", "TOMCAT:3BE7322A30732B9FCCD5C138E261173F", "TOMCAT:604E2DE63F4E10D22151D29C4D2E7487", "TOMCAT:790F7EF00EBD814D5B55BBA9ADFAB91D", "TOMCAT:7FF5C8CC86A7AF5DA33F4B5874774B9B", "TOMCAT:8423D2ED2F8751548B2F3411FE07D05F", "TOMCAT:937E284FF802C2D5A6E9C8A59AB6C822", "TOMCAT:9E43DA1677EA0537439D1A6D19A16EC5", "TOMCAT:DCB8C0E7C96DD2367CF48625F7A47EDF"]}, {"type": "ubuntu", "idList": ["USN-3177-1", "USN-3177-2", "USN-4557-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-0762", "UB:CVE-2016-6816", "UB:CVE-2017-6056"]}, {"type": "zdt", "idList": ["1337DAY-ID-27485"]}]}, "score": {"value": 0.8, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "cognos business intelligence", "version": 10}, {"name": "cognos business intelligence", "version": 10}, {"name": "cognos business intelligence", "version": 10}, {"name": "cognos business intelligence", "version": 10}]}, "epss": [{"cve": "CVE-2016-0762", "epss": "0.001880000", "percentile": "0.546450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-6816", "epss": "0.002620000", "percentile": "0.621160000", "modified": "2023-03-20"}], "vulnersScore": 0.8}, "_state": {"dependencies": 1676944354, "score": 1684017862, "affected_software_major_version": 1677394894, "epss": 1679361349}, "_internal": {"score_hash": "e5496f80d5690636b55efd45078215bf"}, "affectedSoftware": [{"version": "10.1.1", "operator": "eq", "name": "cognos business intelligence"}, {"version": "10.2", "operator": "eq", "name": "cognos business intelligence"}, {"version": "10.2.1", "operator": "eq", "name": "cognos business intelligence"}, {"version": "10.2.2", "operator": "eq", "name": "cognos business intelligence"}]}

{"ibm": [{"lastseen": "2023-05-31T18:00:48", "description": "## Summary\n\nApache Tomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nPower HMC V7.9.0.0 \nPower HMC V8.8.2.0 \nPower HMC V8.8.3.0 \nPower HMC V8.8.4.0 \nPower HMC V8.8.5.0 \nPower HMC V8.8.6.0\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.9.0 SP3\n\n| \n\nMB04061\n\n| \n\n[MH01677](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V7R7.9.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.2.0 SP3\n\n| \n\nMB04062\n\n| \n\n[MH01678](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.2.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.3.0 SP3\n\n| \n\nMB04063\n\n| \n\n[ MH01679](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.3.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.4.0 SP2\n\n| \n\nMB04064\n\n| \n\n[ MH01680](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.4.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.5.0 SP1\n\n| \n\nMB04065\n\n| \n\n[MH01681](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.5.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.6.0\n\n| \n\nMB04060\n\n| \n\n[MH01674](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.6.0&platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2021-09-23T01:31:39", "id": "70549CC4BB1FA3369F5BC1EF01770F5CF2D9642AA2B34DE63805694D06A895CC", "href": "https://www.ibm.com/support/pages/node/667781", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:48", "description": "## Summary\n\nApache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \n\n\n## Vulnerability Details\n\nCVE-ID: CVE-2016-6816 \nDescription: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.100 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAlgo One Versions 5.0.0 through 5.1.0\n\n## Remediation/Fixes\n\nPatch Number\n\n| Download URL \n---|--- \nAlgo One 510-152| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-Algo-One-RTCE-RHEL-if0152:0&includeSupersedes=0&source=fc&login=true_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-Algo-One-RTCE-RHEL-if0152:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One 500-350| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-RTCE-RHEL-if0350:0&includeSupersedes=0&source=fc&login=true_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-RTCE-RHEL-if0350:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2018-06-15T22:48:02", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Tomcat Vulnerability\naffects IBM Algorithmics Counterparty Credit Risk", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2018-06-15T22:48:02", "id": "D86FE44D98DA7C28FEC89271CF14D0D0C5B622A5A310D188BADF3A8D121163C7", "href": "https://www.ibm.com/support/pages/node/289757", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:29", "description": "## Summary\n\nSome versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\nRational DOORS Web Access version 9.6.1.8, 9.6.1.7, 9.6.1.4, 9.6.1.3, 9.6.1.2, 9.6.1.1, 9.6.1.0, 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x.\n\n## Remediation/Fixes\n\nUpgrade to one of the versions of Apache Tomcat shown in the table below. You can upgrade Apache Tomcat after installing Rational DOORS Web Access. \n\nThe following table presents Rational DOORS Web Access versions and the released versions of Apache Tomcat.\n\n**Rational DOORS Web Access**| **Apache Tomcat** \n---|--- \n1.4.0.4| [6.0.53](<http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.53/bin>) \n1.5.0.x| [6.0.53](<http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.53/bin>) \n9.5.0.x| [6.0.53](<http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.53/bin>) \n9.5.1.x| [6.0.53](<http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.53/bin>) \n9.5.2.x| [6.0.53](<http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.53/bin>) \n9.6.0.x| [7.0.77](<http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.77/bin>) \n9.6.1.x| [7.0.77](<http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.77/bin>) \n \n**Procedure:**\n\n 1. Download the required version of Apache Tomcat or later core zip file from either the Apache [Tomcat 6](<http://archive.apache.org/dist/tomcat/tomcat-6/>) or [Tomcat 7](<http://archive.apache.org/dist/tomcat/tomcat-7/>) Archive download site. For example: \napache-tomcat-6.0.53-windows-x86.zip \napache-tomcat-6.0.53.tar.gz \napache-tomcat-7.0.77-windows-x64.zip \napache-tomcat-7.0.77-windows-x86.zip \napache-tomcat-7.0.77.tar.gz \n \n\n 2. Go to the Rational DOORS Web Access installation directory. \nFor example: \nC:\\Program Files\\IBM\\Rational\\DOORS Web Access\\9.version \n \n\n 3. Rename the **server** directory to **server.orig**. \n \n\n 4. Extract the downloaded Apache Tomcat core compressed file to **./server** in the Rational DOORS Web Access installation directory. \n \n\n 5. Delete the contents of the **./server/webapps** folder \n \n\n 6. Copy the following jar files from your **./server.orig/lib** directory to **./server/lib \n**commons-logging-1.1.x.jar \ndwa-catalina.jar \nlog4j-1.2.x.jar \nlog4j.properties \n \n\n 7. Remove the following jar files (only in Apache Tomcat 7) from the **./server/lib** directory \ntomcat7-websocket.jar \nwebsocket-api.jar \n \n\n 8. Copy your **./server.orig/festival** directory to **./server/festival**. \n \n\n 9. Copy the **./server.orig/conf/server.xml** file to **./server/conf/server.xml**. \n \n\n 10. Copy **./server.orig/webapps/*.war** to **./server/webapps**. \n \n\n 11. **Optional**: Copy any customized files from the **./server.orig** directory to **./server**. \n \n\n 12. **UNIX systems only:** Run the **./configure-festival.sh** command, as described in the help topic [Installing the web access server and the web access broker on Linux or Solaris systems](<https://www-01.ibm.com/support/knowledgecenter/SSYQBZ_9.6.0/com.ibm.rational.dwa.install.doc/topics/t_instdwasandbunix.html>). \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2018-06-17T05:21:29", "type": "ibm", "title": "Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerability (CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2018-06-17T05:21:29", "id": "B38DBE38F17B5A514627DD6BBD5252176BA17D057FB3070D5C24522DD2CAEC6B", "href": "https://www.ibm.com/support/pages/node/561077", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:00", "description": "## Summary\n\nWebSphere Message Broker and IBM Integration Bus are affected by Open Source Apache Tomcat vulnerability\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM Integration Bus V10.0.0.0- 10.0.0.8 \n\nIBM Integration Bus V9.0.0.0- 9.0.0.7\n\nWebSphere Message Broker V8.0.0.0 - 8.0.0.8\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Bus| V10.0.0.0- 10.0.0.8| IT19472 | The APAR is available in fix pack 10.0.0.9 \n\n<http://www-01.ibm.com/support/docview.wss?uid=swg24043686> \n \nIBM Integration Bus| V9.0.0.0- 9.0.0.7| IT19472 | The APAR is available in fix pack 9.0.0.8 \n\n<http://www-01.ibm.com/support/docview.wss?uid=swg24043751> \n \nWebSphere Message Broker| V8.0.0.0 - 8.0.0.8| IT19472 | The APAR is available in fix pack 8.0.0.9 \n\n[https://www.ibm.com/support/docview.wss?uid=swg24043806 ](<https://www.ibm.com/support/docview.wss?uid=swg24043806>) \n \n \n_For unsupported versions of the product, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\nThe planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at : \n\n \n[http://www.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ](<http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006308>)\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-23T20:41:52", "id": "28A18420E3649FDF858FD17E31DB05BBDD69C54F5D7556386C5774F6FC5E065D", "href": "https://www.ibm.com/support/pages/node/563695", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:31", "description": "## Summary\n\nApache Tomcat is vulnerable to a security issue affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server.\n\n## Vulnerability Details\n\n**CVE-ID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n** \nDescription:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \n \n**CVSS Base Score:** 6.1 \n**CVSS Temporal Score:** See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\nRational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench versions: \n\n * 8.0\n * 8.0.0.1\n * 8.0.0.2\n * 8.0.0.3\n * 8.0.0.4\n * 8.0.0.5\n * 8.0.1\n * 8.0.1.1\n * 8.0.1.2\n * 8.0.1.3\n * 8.0.1.4\n * 8.0.1.5\n * 8.0.1.6\n * 8.5\n * 8.5.0.1\n * 8.5.0.2\n * 8.5.0.3\n * 8.5.0.4\nVersions 8.5.1 and later are unaffected as they do not use Apache Tomcat. \n\n## Remediation/Fixes\n\nThe fix for the CVE mentioned above has been incorporated into the 7.0.73 release of Apache Tomcat. You should upgrade your installation by following the instructions below: \n\n\n 1. Download the fix for your product from Fix Central:\n * Rational Test Workbench - [**7.0.73-Rational-RTW-Tomcat-zip**](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Workbench&release=All&platform=All&function=fixId&fixids=7.0.73-Rational-RTW-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n * Rational Test Virtualization Server - [**7.0.73-Rational-RTVS-Tomcat-zip**](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Virtualization+Server&release=All&platform=All&function=fixId&fixids=7.0.73-Rational-RTVS-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n\n \n1\\. Unzip downloaded file to a directory. \n \n2\\. Stop the server. \n \n3\\. In the existing RTCP installation, save the files logging.properties and server.xml to a separate location. \n \nThe default installation locations for these files are: \n * Windows: `C:\\Program Files\\IBM\\RationalTestControlPanel\\conf\\`\n * AIX, Linux, Solaris: `/opt/IBM/RationalTestControlPanel/conf/ \n`\n \n1\\. Copy the contents of the unzipped Tomcat directory (except for the LICENSE file) into the `RationalTestControlPanel` directory, overwriting the existing files. \n \n2\\. Copy the two configuration files you saved earlier back into `/conf`. \n \n3\\. Start the server. \n**Notes:**\n\n * When updating an installation to a later version of Rational Test Control Panel, the security fix detailed above will have to be re-applied after the RTCP update\n * When removing an installation that has had the security fix applied, not all the files will be removed by IBM Installation Manager, and some files will have to be removed manually.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2018-06-17T05:19:39", "type": "ibm", "title": "Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2018-06-17T05:19:39", "id": "8F63BC3CF4FFE8E56809705C71F9763152D76451EDAADBD199902983B8AC2975", "href": "https://www.ibm.com/support/pages/node/292045", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:32", "description": "## Summary\n\nApache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>) \n**Description**: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.100 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\nAlgo One Algo Risk Application (ARA) versions 5.1.0, 5.0.0, 4.9.1. \n\nApache Tomcat is not packaged with Algo One Algo Risk Application 5.1.0.\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nAlgo One ARA| 5.1.0.0| <https://support.podc.sl.edst.ibm.com/support/home/product/D840645J54788H24/Algo_One> \nAlgo One ARA| 5.0.0.6-17| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.5006-17-Algo-One-ARA-if0344:0&includeSupersedes=0&source=fc&login=true _](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.5006-17-Algo-One-ARA-if0344:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One ARA| 4.9.1.1-22| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.4911-22-Algo-One-ARA-if0048:0&includeSupersedes=0&source=fc&login=true _](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.4911-22-Algo-One-ARA-if0048:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One ARA| 4.9.1.0-17| [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.4910-17-Algo-One-ARA-if0049:0&includeSupersedes=0&source=fc&login=true_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.4910-17-Algo-One-ARA-if0049:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2018-06-15T22:49:25", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat afffects IBM Algorithmics One-Algo Risk Application (CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2018-06-15T22:49:25", "id": "70F04B9A5CE3FFBC33D36A32D999163F5334E04B121B116CCEE525F5C79AD71C", "href": "https://www.ibm.com/support/pages/node/294881", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:49:56", "description": "## Summary\n\nApache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\n\u00b7 IBM QRadar SIEM 7.2.n\n\n## Remediation/Fixes\n\n\u2022 [_IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20170224202650&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-16T21:50:43", "type": "ibm", "title": "Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816"], "modified": "2018-06-16T21:50:43", "id": "3410E09FDCBC57E565C72083D3A630854D64B8490C9907FC7A07113F787F18CE", "href": "https://www.ibm.com/support/pages/node/292995", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:32", "description": "## Summary\n\nThe Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996898>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:19:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:19:05", "id": "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "href": "https://www.ibm.com/support/pages/node/289765", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T17:45:51", "description": "## Summary\n\nMultiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:**[ CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See[ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM UrbanCode Release 6.2.0.0 - 6.2.1.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM UrbanCode Release| 6.2.0.0 \n6.2.1.0 \n6.2.1.1 \n6.2.1.2| [6.2.1.3](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/UrbanCode+Release&release=6.2.1.0&platform=All&function=fixId&fixids=6.2.1.3-UrbanCode-Release&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T22:33:29", "id": "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "href": "https://www.ibm.com/support/pages/node/599281", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:22", "description": "## Summary\n\nThere are vulnerabilities (CVE-2016-8735, CVE-2016-6816) reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron has remediated the affected versions.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0 \nWebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2 \nWebSphere Cast Iron v 6.4.0.0, 6.4.0.1 \nWebSphere Cast Iron v 6.3.0.0, 6.3.0.1, 6.3.0.1\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.0.0 \n7.5.0.1 \n7.5.1.0| LI79413| [7.5.1.0-CUMUIFIX-006](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.scrypt2,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.vcrypt2,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.32bit.sc-linux,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.sc-linux,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.32bit.sc-win,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.sc-win,7.5.1.0-WS-WCI-20170111-2346_H7_64-CUMUIFIX-006.32bit.studio,7.5.1.0-WS-WCI-20170111-2346_H7_64-CUMUIFIX-006.studio,7.5.1.0-WS-WCI-20170111-2346_H11_64-CUMUIFIX-006.docker&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.0 \n7.0.0.1 \n7.0.0.2| LI79413| [7.0.0.2-CUMUIFIX-034](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.scrypt2,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.vcrypt2,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.32bit.sc-linux,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.32bit.sc-win,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.sc-linux,7.0.0.2-WS-WCI-20170224-0554_H8_64-CUMUIFIX-034.sc-win,7.0.0.2-WS-WCI-20170224-0641_H9_64-CUMUIFIX-034.32bit.studio,7.0.0.2-WS-WCI-20170224-0641_H9_64-CUMUIFIX-034.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.0 \n6.4.0.1| LI79413| [6.4.0.1-CUMUIFIX-043](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20170125-1122_H3-CUMUIFIX-043.scrypt2,6.4.0.1-WS-WCI-20170125-1122_H3-CUMUIFIX-043.vcrypt2,6.4.0.1-WS-WCI-20170125-1213_H5-CUMUIFIX-043.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.0 \n6.3.0.1 \n6.3.0.2| LI79413| [6.3.0.2-CUMUIFIX-024](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20170125-1126_H4-CUMUIFIX-024.scrypt2,6.3.0.2-WS-WCI-20170125-1126_H4-CUMUIFIX-024.vcrypt2,6.3.0.2-WS-WCI-20170125-1127_H5-CUMUIFIX-024.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2016-8735, CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-11-18T13:57:34", "id": "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "href": "https://www.ibm.com/support/pages/node/292627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:35", "description": "## Summary\n\nThe Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)](<http://www-01.ibm.com/support/docview.wss?uid=swg21996898>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:19:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:19:05", "id": "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "href": "https://www.ibm.com/support/pages/node/289763", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:34", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119157> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\n \nConsult the security bulletin [Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology](<https://www-01.ibm.com/support/docview.wss?uid=swg21997084>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:18:54", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-6816,CVE-2016-8735)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2018-06-17T05:18:54", "id": "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "href": "https://www.ibm.com/support/pages/node/289075", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-12T18:18:27", "description": "## Summary\n\nThe Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rhapsody Design Manager (Rhapsody DM), Rational Software Architect Design Manager (RSA DM), Rational Team Concert (RTC), and Rational Quality Manager (RQM).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 4.0 - 6.0.3 \n \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.3 \n \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.3 \n \nRational DOORS Next Generation 4.0.1 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.3 \n \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.3 \n \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.3 \n \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\nIn order to get all the available security updates, upgrade your products to version **4.0.7** or **5.0.2** or **6.0.2** or **6.0.3**, apply the latest ifix, and then perform the following upgrade: \n\n\n * The fixes are in Apache Tomcat version 7.0.73 or later. Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation.\n \n**Note:** If you cannot upgrade to 4.0.7 or 5.0.2 or 6.0.2 or 6.0.3, contact [IBM support](<https://www.ibm.com/support/servicerequest>) for guidance. \n. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-04-28T18:35:50", "id": "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "href": "https://www.ibm.com/support/pages/node/289331", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:48", "description": "## Summary\n\nMultiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-8745_](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119642_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119642>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nTADDM 7.2.2.0 - 7.2.2.5 \nTADDM 7.3.0.0 (TADDM 7.3.0.1-3 - not affected - using WebSphere Liberty Profile) \n\n## Remediation/Fixes\n\nThere are eFixes prepared on top of the latest released FixPack for each stream: \n\n**Fix**| **VRMF**| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_TADDM73_tomcat7077_201411291020_1.zip| 7.3.0.0| None| [_Download eFix_](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_TADDM73_tomcat7077_201411291020_1.zip>) \nefix_TADDM722_tomcat7077_FP520160209.zip| 7.2.2.5 \n| None| [_Download eFix_](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_TADDM722_tomcat7077_FP520160209.zip>) \n \nPlease get familiar with eFix readme in etc/<efix_name>_readme.txt \nNote that the eFix requires manual deletion of the external/apache-tomcat directory. \n\n## Workarounds and Mitigations\n\nThe solution is to upgrade TADDM to use Tomcat version 7.0.77 \n \neFixes are prepared on top of the latest FixPack release, but if there were any custom changes made in a previous version of Apache Tomcat, please reapply them after the upgrade is finished.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T15:39:42", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8745"], "modified": "2018-06-17T15:39:42", "id": "6B0A5599577E8CC081B38DC85FFC053A3E597118CD8108314778BA17EC91A265", "href": "https://www.ibm.com/support/pages/node/559615", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:33", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\n \nConsult the security bulletin [Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology](<http://www-01.ibm.com/support/docview.wss?uid=swg21999362>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:19:51", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-0762,CVE-2016-6797)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-6797"], "modified": "2018-06-17T05:19:51", "id": "B8AFBDF45AEF0460886E5F93AC90DAE8F281918FBE5E510F9AEB0E2A09E65A0A", "href": "https://www.ibm.com/support/pages/node/293399", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-14T14:10:21", "description": "## Summary\n\nThe Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect Design Manager (RSA DM).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 3.0.1 - 6.0.3 \n \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.3 \n \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.3 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.3 \n \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.3 \n \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.3 \n \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\nIn order to get other security updates, upgrade your products to version **4.0.7** or **5.0.2** or **6.0.2 or 6.0.3**, apply the latest ifix, and then perform the following upgrades: \n \n**Note:** The fixes are in Apache Tomcat version 7.0.72 or later. Perform [_How to update the Apache Tomcat server for IBM Rational products based on versions 3.0.1.6, 4.0.7 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21687641>) to apply the remediation.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-6797"], "modified": "2021-04-28T18:35:50", "id": "4CB5AEEB4566C85CB97CB5F4470481A16D1ECBA93395EFF72D6B83CAA77AD1F6", "href": "https://www.ibm.com/support/pages/node/292813", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T05:37:16", "description": "## Summary\n\nMultiple Apache Tomcat vulnerabilities affect IBM SONAS.\n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM SONAS \n \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.5. \n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.6 or a later version, so that the fix gets applied. \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:14", "type": "ibm", "title": "Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-06-18T00:32:14", "id": "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "href": "https://www.ibm.com/support/pages/node/696923", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T21:34:15", "description": "## Summary\n\nThere are vulnerabilities in Apache Tomcat to which the IBM\u00ae FlashSystem\u2122 V840 is susceptible. An exploit of these vulnerabilities (CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796) could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop, or bypass a configured SecurityManager\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>) \n**DESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Products and Versions of FlashSystem V840\u2019s two node types \n** \n_Storage Node_ \n\u00b7 Machine Type Models (MTMs) affected include 9846-AE1 and 9848-AE1 \n\u00b7 Code versions affected include supported VRMFs: \no 1.4.0.0 \u2013 1.4.5.1 \no 1.3.0.0 \u2013 1.3.0.6 \n \n_Controller Node _ \n\u00b7 MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1 \n\u00b7 Code versions affected include supported VRMFs: \no 7.7.0.0 \u2013 7.7.1.5 \no 7.8.0.0 \u2013 7.8.0.1\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1 \n \n**Controller nodes:** \n9846-AC0, \n9846-AC1, \n9848-AC0, & \n9848-AC1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Storage Node VRMF __ \n_1.4 stream: 1.4.6.0 _ \n_1.3 stream: 1.3.0.7_ \n \n__Controller Node VRMF __ \n_7.7 stream: 7.7.1.6_ \n_7.8 stream: 7.8.0.2_| _ __N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:32:46", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2018-06-18T00:32:46", "id": "83949293D531C3BC38D05B8E11F73860AE63D675A7ACD0FBACD46879F7DFA117", "href": "https://www.ibm.com/support/pages/node/697161", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:51", "description": "## Summary\n\nIssues with Apache Tomcat Vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.\n\n## Remediation/Fixes\n\nFor IBM UrbanCode Deploy versions 6.2 through 6.2.2.1, upgrade to [IBM UrbanCode Deploy 6.2.3](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.2.3&platform=All&function=all>). \n\n\nFor IBM UrbanCode Deploy versions 6.1 to 6.1.3.3, upgrade the server to [IBM UrbanCode Deploy 6.1.3.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.1.3&platform=All&function=all>).\n\nFor IBM UrbanCode Deploy versions 6.0 to 6.0.1.14, upgrade the server to [IBM UrbanCode Deploy 6.0.1.15](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+UrbanCode+Deploy&release=6.0.1.15&platform=All&function=all>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-15T22:00:02", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat Vulnerabilities (CVE-2016-6817, CVE-2016-8735, CVE-2016-6816)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-11-15T22:00:02", "id": "3E52F30DE645ED79947372BF790D5DAB4B5FA29866C26DA53811D62A4E0B3206", "href": "https://www.ibm.com/support/pages/node/619363", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:36:12", "description": "## Summary\n\nApache Tomcat vulnerability affects IBM Storwize V7000 Unified.\n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5 and 1.6.0.0 to 1.6.2.0\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 and 1.6.2.1 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or 1.6.2.1 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s) : None. \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:15", "type": "ibm", "title": "Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-6816, CVE-2016-6817, CVE-2016-8735 )", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-06-18T00:32:15", "id": "029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "href": "https://www.ibm.com/support/pages/node/696927", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-31T17:39:16", "description": "## Summary\n\nVulnerabilities in the Apache Tomcat component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-6796 CVE-2016-6816 CVE-2016-6817.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \n \nAll products are affected when running supported releases 7.1 to 7.8. For unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code levels or higher: \n \n7.6.1.7 \n7.7.1.6 \n7.8.0.2 \n7.8.1.0 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>) \n \nFor IBM FlashSystem V9000, upgrade to the following code levels or higher: \n \n7.6.1.7 \n7.7.1.6 \n7.8.0.2 \n7.8.1.0 \n \n[_Latest FlashSystem V9000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2023-03-29T01:48:02", "id": "BFC19961F4B2A71B650F919D0D8075421D25957A36A4487C121AAA7C17E478AF", "href": "https://www.ibm.com/support/pages/node/697173", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-31T17:41:00", "description": "## Summary\n\nThere are vulnerabilities in Apache Tomcat to which the IBM\u00ae FlashSystem\u2122 840 and FlashSystem\u2122 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796) could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop, or bypass a configured SecurityManager, \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>) \n**DESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nFlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1. \n \nFlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2. \n \nCode versions affected include supported VRMFs: \n\u00b7 1.4.0.0 \u2013 1.4.5.0 \n\u00b7 1.3.0.0 \u2013 1.3.0.6\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 & \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___ Fixed code VRMF .__ \n_1.4 stream: 1.4.6.0 _ \n_1.3 stream: 1.3.0.7_| _ __N/A_| [**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-6816", "CVE-2016-6817"], "modified": "2023-02-18T01:45:50", "id": "85F4F9ABC26A141EA4CBD424EA8C33FAF00DCF970AA42D90F5EC572561A224B5", "href": "https://www.ibm.com/support/pages/node/697159", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:24", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in Apache Tomcat.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-6056_](<https://vulners.com/cve/CVE-2017-6056>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A remote attacker could exploit this vulnerability to cause the server to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVE-ID**: [CVE-2017-5647](<https://vulners.com/cve/CVE-2017-5647>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform version 7.1\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Fix**| **Download URL** \n---|--- \nFor OpenPages GRC Platform **7.1.0 through 7.1.0.3 ** \n\\- Apply 7.1 Fix Pack 4 (7.1.0.4) or later| [_http://www.ibm.com/support/docview.wss?uid=swg24043897_](<http://www.ibm.com/support/docview.wss?uid=swg24043897>) \n \nFor OpenPages GRC Platform v7.0.x customers, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n \n\n\n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:48:06", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2017-5647", "CVE-2017-6056"], "modified": "2018-06-15T23:48:06", "id": "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "href": "https://www.ibm.com/support/pages/node/296623", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:26", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities. \n \nIBM Cognos Business Intelligence has addressed a vulnerability where sensitive information can be revealed in its logs files. \n \nThere is a vulnerabilitiy in IBM\u00ae WebSphere Application Server Liberty. Liberty is used by IBM Cognos Business Intelligence version 10.2.2. This issue was disclosed as part of the IBM WebSphere Application Server Liberty updates. \n \nIBM Cognos Business Intelligence has addressed several Apache Tomcat vulnerabilities. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9985_](<https://vulners.com/cve/CVE-2016-9985>)** \nDESCRIPTION:** IBM Cognos Server stores highly sensitive information in log files that could be read by a local user. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120391_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120391>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** ** \n**CVEID:** [_CVE-2016-5983_](<https://vulners.com/cve/CVE-2016-5983>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116468_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116468>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-5388_](<https://vulners.com/cve/CVE-2016-5388>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in a HTTP request, an attacker could exploit this vulnerability to redirect outbound HTTP traffic to arbitrary proxy server. This is also known as the \"HTTPOXY\" vulnerability. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Cognos Business Intelligence Server 10.2.2 \nIBM Cognos Business Intelligence Server 10.2.1.1 \nIBM Cognos Business Intelligence Server 10.2.1 \nIBM Cognos Business Intelligence Server 10.2 \nIBM Cognos Business Intelligence Server 10.1.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \n10.1.1: [](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>)[_http://www.ibm.com/support/docview.wss?uid=swg24043287_](<http://www.ibm.com/support/docview.wss?uid=swg24043287>) \n10.2.0: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>) \n10.2.1: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>) \n10.2.1.1: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>) \n10.2.2: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:17:50", "type": "ibm", "title": "Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5983", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-9985"], "modified": "2018-06-15T23:17:50", "id": "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "href": "https://www.ibm.com/support/pages/node/293269", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:23", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 used by IBM Cognos Business Viewpoint. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulernabilities in Apache Tomcat also affect IBM Cognos Business Viewpoint. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability in Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n\n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Cognos Business Viewpoint 10.1 FP1 \nIBM Cognos Business Viewpoint 10.1.1 FP2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix in one of the 10.1.x versions listed as soon as practical. \n \nCognos Business Viewpoint 10.1 and Cognos Business Viewpoint 10.1.1 downloads; \n \n[IBM Cognos Business Viewpoint 10.1.0 FP1 IF1010 Windows](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Cognos&product=ibm/Information+Management/Cognos+8+Business+Viewpoint&release=10.1&platform=All&function=fixId&fixids=10.1.0.1-BA-CBV-Win32-IF010>) \n \n[IBM Cognos Business Viewpoint 10.1.1 FP2 IF1009 Windows](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Cognos&product=ibm/Information+Management/Cognos+8+Business+Viewpoint&release=10.1.1&platform=All&function=fixId&fixids=10.1.1.2-BA-CBV-Win32-IF009>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:18:18", "type": "ibm", "title": "Security Bulletin: There are multiple vulnerabilities in IBM Java Runtime and Apache Tomcat that affect IBM Cognos Business Viewpoint", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5548", "CVE-2016-5552", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-06-15T23:18:18", "id": "B73E2AC64919358B53CBFE9E0576F144ECF05CB1E42E5E59DCDDEF0BD5FEF485", "href": "https://www.ibm.com/support/pages/node/560313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:40:26", "description": "## Summary\n\nThere are multiple security vulnerabilies in WebSphere Application Server Community Edition.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-3092_](<https://vulners.com/cve/CVE-2016-3092>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114336_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-8745_](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119642_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119642>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-6056_](<https://vulners.com/cve/CVE-2017-6056>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A remote attacker could exploit this vulnerability to cause the server to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 3.0.0.4\n\n## Remediation/Fixes\n\nIBM WebSphere Application Server Community Edition 3.0.0.4 is out of general support, customers with a support extension contract can contact IBM support to request the fix. \n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-30T07:48:35", "type": "ibm", "title": "Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-3092", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735", "CVE-2016-8745", "CVE-2017-6056"], "modified": "2019-08-30T07:48:35", "id": "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "href": "https://www.ibm.com/support/pages/node/559087", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:48:31", "description": "## Summary\n\nThe Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-0762,CVE-2016-6797)](<http://www-01.ibm.com/support/docview.wss?uid=swg21999756>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:20:07", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-17T05:20:07", "id": "D27D7A3FAB54F4252945DE24C1BCEB0239D87CB0DB7641EF3375DE0B604D151D", "href": "https://www.ibm.com/support/pages/node/293947", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:48:31", "description": "## Summary\n\nThe Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-0762,CVE-2016-6797)](<http://www-01.ibm.com/support/docview.wss?uid=swg21999756>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:20:08", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-17T05:20:08", "id": "FCEDD547799AE384A4D749F6F180AE8594D14E825F787E185F25A3AC75A35F08", "href": "https://www.ibm.com/support/pages/node/293949", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:39:57", "description": "## Summary\n\nThere are vulnerabilities reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron Solution has remediated the affected versions.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of the product \n \nWebSphere Cast Iron Solution v 7.5.1.0, v 7.5.0.1, v 7.5.0.0 \nWebSphere Cast Iron Solution v 7.0.0.2, v 7.0.0.1, v 7.0.0.0 \nWebSphere Cast Iron Solution v 6.4.0.1, v 6.4.0.0 \nWebSphere Cast Iron Solution v 6.3.0.2, v 6.3.0.1, v 6.3.0.0\n\n## Remediation/Fixes\n\n \n\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| v 7.5.1.0, \nv 7.5.0.1, \nv 7.5.0.0| LI79259| [iFix 7.5.1.0-CUMUIFIX-005](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.scrypt2,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.vcrypt2,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.32bit.sc-linux,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.sc-linux,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.32bit.sc-win,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.sc-win,7.5.1.0-WS-WCI-20161103-1049_H11_64-CUMUIFIX-005.32bit.studio,7.5.1.0-WS-WCI-20161103-1049_H11_64-CUMUIFIX-005.studio,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.docker&includeSupersedes=0>) \nCast Iron Appliance| v 7.0.0.2, \nv 7.0.0.1, \nv 7.0.0.0| LI79259| [iFix 7.0.0.2-CUMUIFIX-033](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.scrypt2,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.vcrypt2,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.32bit.sc-linux,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.32bit.sc-win7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.sc-linux,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.sc-win,7.0.0.2-WS-WCI-20161103-1041_H9_64-CUMUIFIX-033.32bit.studio,7.0.0.2-WS-WCI-20161103-1041_H9_64-CUMUIFIX-033.studio&includeSupersedes=0>) \nCast Iron Appliance| v 6.4.0.1, \nv 6.4.0.0| LI79259| [iFix 6.4.0.1-CUMUIFIX-042](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20161103-1131_H3-CUMUIFIX-042.scrypt2,6.4.0.1-WS-WCI-20161103-1131_H3-CUMUIFIX-042.vcrypt2,6.4.0.1-WS-WCI-20161103-1131_H4-CUMUIFIX-042.studio&includeSupersedes=0>) \nCast Iron Appliance| v 6.3.0.2, \nv 6.3.0.1, \nv 6.3.0.0| LI79259| [iFix 6.3.0.2-CUMUIFIX-023](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20161103-1226_H4-CUMUIFIX-023.scrypt2,6.3.0.2-WS-WCI-20161103-1226_H4-CUMUIFIX-023.vcrypt2,6.3.0.2-WS-WCI-20161103-1506_H4-CUMUIFIX-023.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2019-11-18T13:57:34", "id": "F5CDE8C22C4BBC6BB7CBF97A440438D883CD649212412738F8629A2D4E07BCFD", "href": "https://www.ibm.com/support/pages/node/559471", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-13T01:34:19", "description": "## Summary\n\nApache Tomcat is used by Storwize V7000 Unified. Storwize V7000 Unified has addressed the applicable CVEs. \n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:**[ _CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5 and 1.6.0.0 to 1.6.2.0\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 and 1.6.2.1 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or 1.6.2.1 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-18T00:32:30", "type": "ibm", "title": "Security Bulletin: Tomcat apache vulnerability affects IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-18T00:32:30", "id": "FEA72A089D1755DA76737B39FD3BC90F9FC3011626C35A4FAFB48AD0A4D10189", "href": "https://www.ibm.com/support/pages/node/696969", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T17:45:52", "description": "## Summary\n\nMultiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n \n \n--- \n \n## Affected Products and Versions\n\nIBM UrbanCode Release 6.2.1.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fixes as soon as practical. Review the information below regarding the available fixes. \n\nFor affected supporting products shipped with IBM UrbanCode Release, consult the following security bulletins for vulnerability details and fixes.\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM UrbanCode Release| 6.2.1.2| [6.2.1.3](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/UrbanCode+Release&release=6.2.1.0&platform=All&function=fixId&fixids=6.2.1.3-UrbanCode-Release&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T22:33:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-17T22:33:29", "id": "BBD0BB9278125E79B44348E7A6E2FDFBBE0FF4AC9E9184823B714AE94FCDD740", "href": "https://www.ibm.com/support/pages/node/609287", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2020-03-05T18:32:21", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-03-24T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln_win.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810717\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 13:05:36 +0530 (Fri, 24 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.47\"))\n {\n fix = \"6.0.48\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.72\"))\n {\n fix = \"7.0.73\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.6\"))\n {\n fix = \"8.5.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.38\"))\n {\n fix = \"8.0.39\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M11\"))\n {\n fix = \"9.0.0.M13\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-12T17:07:24", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310810730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810730", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810730\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-04 14:36:33 +0530 (Tue, 04 Apr 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_active\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/http/detected\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!tomPort = get_app_port(cpe:CPE, service:\"www\"))\n exit(0);\n\nif(!dir = get_app_location(cpe:CPE, port:tomPort))\n exit(0);\n\nurl = dir + \"/?{{%25}}cake\\=1\";\n\n## Response will be Apache tomcat front page something like\n## https://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg\nif(http_vuln_check(port:tomPort, url:url, check_header:TRUE,\n pattern:'Apache Software Foundation', extra_check:make_list('tomcat.apache.org<',\n '\"Powered by Tomcat\"', 'tomcat.gif', 'tomcat-power.gif')))\n{\n report = http_report_vuln_url( port:tomPort, url:url );\n security_message(port:tomPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:39:50", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-03-24T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln_lin.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810718\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 13:27:12 +0530 (Fri, 24 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.47\"))\n {\n fix = \"6.0.48\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.72\"))\n {\n fix = \"7.0.73\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.6\"))\n {\n fix = \"8.5.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.38\"))\n {\n fix = \"8.0.39\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M11\"))\n {\n fix = \"9.0.0.M13\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:46:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171082", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1082\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1082)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1082\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1082\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1082 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:41:56", "description": "Check the version of tomcat", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat CESA-2017:0935 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882690", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882690\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 06:30:11 +0200 (Fri, 14 Apr 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat CESA-2017:0935 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0935\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-April/022384.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2017:0527-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871773", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871773\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 05:49:35 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2017:0527-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0527-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:45:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171081", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1081\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1081\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1081 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:36:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2017:0935-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871795", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871795\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:32:25 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2017:0935-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\n the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0935-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-April/msg00026.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:46:22", "description": "Check the version of tomcat6", "cvss3": {}, "published": "2017-03-18T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2017:0527 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882682", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882682\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 06:37:15 +0100 (Sat, 18 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2017:0527 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0527\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022342.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851503", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851503\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:16:02 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n Feature changes:\n\n The embedded Apache Commons DBCP component was updated to version 2.0.\n (bsc#1010893 fate#321029)\n\n Security fixes:\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting\n invalid character in HTTP requests (bsc#1011812)\n\n Bug fixes:\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'\n script' in the linked documentation. (bsc#1002639)\n\n This update supplies the new packages apache-commons-pool2 and\n apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\n interface.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3144-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp\", rpm:\"apache-commons-dbcp~2.1.1~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp-javadoc\", rpm:\"apache-commons-dbcp-javadoc~2.1.1~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2\", rpm:\"apache-commons-pool2~2.4.2~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2-javadoc\", rpm:\"apache-commons-pool2-javadoc~2.4.2~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851455", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851455\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-14 05:55:01 +0100 (Wed, 14 Dec 2016)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Tomcat provides the following fixes:\n\n Feature changes:\n\n The embedded Apache Commons DBCP component was updated to version 2.0.\n (bsc#1010893 fate#321029)\n\n Security fixes:\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting\n invalid character in HTTP requests (bsc#1011812)\n\n Bugs fixed:\n\n - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter().\n (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by changing the\n context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'\n script' in the referenced documentation. (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\n This update supplies the new packages apache-commons-pool2 and\n apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\n interface.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3129-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp\", rpm:\"apache-commons-dbcp~2.1.1~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp-javadoc\", rpm:\"apache-commons-dbcp-javadoc~2.1.1~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2\", rpm:\"apache-commons-pool2~2.4.2~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2-javadoc\", rpm:\"apache-commons-pool2-javadoc~2.4.2~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-98cca07999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-98cca07999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872149\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:10 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-98cca07999\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GROU4JPVEOMXRKCZLSWVE36HA3PSXAEP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-a98c560116", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-a98c560116\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872157\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:04:55 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-a98c560116\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UF4TZRB2ZZISKBSEVHSMDJFYA36MOY2B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-9c33466fbb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-9c33466fbb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872150\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:12 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-9c33466fbb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENNFBRKLWKJB57BLHAVVE7N7SNJZAAG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3738-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3738.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3738-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703738\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3738-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3738.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.56-3+deb8u6.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3739-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703739", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3739.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3739-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703739\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3739-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3739.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u5.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 8.5.8-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:27", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3738-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703738", "href": "http://plugins.openvas.org/nasl.php?oid=703738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3738.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3738-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703738);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3738-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3738.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and\nprovides a 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.56-3+deb8u6.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:02", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3739-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703739", "href": "http://plugins.openvas.org/nasl.php?oid=703739", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3739.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3739-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703739);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3739-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3739.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u5.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 8.5.8-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-3177-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6796", "CVE-2016-8745", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat7 USN-3177-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843035\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 05:48:02 +0100 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\",\n\t\t\"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\",\n\t\t\"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat7 USN-3177-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3177-1 fixed vulnerabilities in Tomcat.\n The update introduced a regression in environments where Tomcat is started with\n a security manager. This update fixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3177-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3177-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.52-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.10\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1ubuntu3.10\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat8 USN-3177-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6796", "CVE-2016-8745", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat8 USN-3177-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843024\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:19:27 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\",\n\t\t\"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\",\n\t\t\"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat8 USN-3177-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3177-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3177-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.52-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.37-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.37-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.32-1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.32-1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:17", "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3720-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703720", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3720.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3720-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703720\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3720-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3720.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u4.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:50", "description": "Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3721-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703721", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3721.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3721-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703721\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3721-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3721.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these\nproblems have been fixed in version 7.0.56-3+deb8u5.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T18:40:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2017:2247-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871857", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871857\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:46 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2017:2247-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the\n Java Servlet and JavaServer Pages (JSP) technologies. The following packages\n have been upgraded to a later upstream version: tomcat (7.0.76). (BZ#1414895)\n Security Fix(es): * The Realm implementations did not process the supplied\n password if the supplied user name did not exist. This made a timing attack\n possible to determine valid user names. Note that the default configuration\n includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762) * It was discovered that a malicious web application could\n bypass a configured SecurityManager via a Tomcat utility method that was\n accessible to web applications. (CVE-2016-5018) * It was discovered that when a\n SecurityManager was configured, Tomcat's system property replacement feature for\n configuration files could be used by a malicious web application to bypass the\n SecurityManager and read system properties that should not be visible.\n (CVE-2016-6794) * It was discovered that a malicious web application could\n bypass a configured SecurityManager via manipulation of the configuration\n parameters for the JSP Servlet. (CVE-2016-6796) * It was discovered that it was\n possible for a web application to access any global JNDI resource whether an\n explicit ResourceLink had been configured or not. (CVE-2016-6797) Additional\n Changes: For detailed information on changes in this release, see the Red Hat\n Enterprise Linux 7.4 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"tomcat on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2247-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-09-04T14:19:06", "description": "Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3721-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703721", "href": "http://plugins.openvas.org/nasl.php?oid=703721", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3721.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3721-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703721);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3721-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3721.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet\nand the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a\n'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these\nproblems have been fixed in version 7.0.56-3+deb8u5.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-03-05T18:37:51", "description": "This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310811298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811298", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811298\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6794\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_bugtraq_id(93940, 93944, 93939, 93942, 93943);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 14:49:43 +0530 (Fri, 11 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the system property replacement feature for configuration files.\n\n - An error in the realm implementations in Apache Tomcat that does not process\n the supplied password if the supplied user name did not exist.\n\n - An error in the configured SecurityManager via a Tomcat utility method that\n is accessible to web applications.\n\n - An error in the configured SecurityManager via manipulation of the\n configuration parameters for the JSP Servlet.\n\n - An error in the ResourceLinkFactory implementation in Apache Tomcat that\n does not limit web application access to global JNDI resources to those\n resources explicitly linked to the web application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and bypass\n certain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9,\n Apache Tomcat versions 8.5.0 to 8.5.4,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.36,\n Apache Tomcat versions 7.0.0 to 7.0.70, and\n Apache Tomcat versions 6.0.0 to 6.0.45 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.0.M10\n or 8.5.5 or 8.0.37 or 7.0.72 or 6.0.47 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M10\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.\")\n{\n if(revcomp(a: appVer, b: \"6.0.47\") < 0){\n fix = \"6.0.47\";\n }\n}\n\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.72\") < 0){\n fix = \"7.0.72\";\n }\n}\n\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.5\") < 0){\n fix = \"8.5.5\";\n }\n}\n\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.37\") < 0){\n fix = \"8.0.37\";\n }\n}\n\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M10\") < 0){\n fix = \"9.0.0.M10\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-05T18:40:23", "description": "This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310811703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811703", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811703\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6794\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_bugtraq_id(93940, 93944, 93939, 93942, 93943);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 16:00:24 +0530 (Fri, 11 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the system property replacement feature for configuration files.\n\n - An error in the realm implementations in Apache Tomcat that does not process\n the supplied password if the supplied user name did not exist.\n\n - An error in the configured SecurityManager via a Tomcat utility method that\n is accessible to web applications.\n\n - An error in the configured SecurityManager via manipulation of the\n configuration parameters for the JSP Servlet.\n\n - An error in the ResourceLinkFactory implementation in Apache Tomcat that\n does not limit web application access to global JNDI resources to those\n resources explicitly linked to the web application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and bypass\n certain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9,\n Apache Tomcat versions 8.5.0 to 8.5.4,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.36,\n Apache Tomcat versions 7.0.0 to 7.0.70, and\n Apache Tomcat versions 6.0.0 to 6.0.45 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.0.M10\n or 8.5.5 or 8.0.37 or 7.0.72 or 6.0.47 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M10\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.\")\n{\n if(revcomp(a: appVer, b: \"6.0.47\") < 0){\n fix = \"6.0.47\";\n }\n}\n\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.72\") < 0){\n fix = \"7.0.72\";\n }\n}\n\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.5\") < 0){\n fix = \"8.5.5\";\n }\n}\n\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.37\") < 0){\n fix = \"8.0.37\";\n }\n}\n\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M10\") < 0){\n fix = \"9.0.0.M10\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-09-04T14:18:33", "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3720-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703720", "href": "http://plugins.openvas.org/nasl.php?oid=703720", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3720.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3720-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703720);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3720-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3720.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u4.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:20", "description": "\nF5 Product Development has assigned ID 630856 (BIG-IP), ID 631221 (Enterprise Manager), ID 466436 (ARX), and INSTALLER-2831 (Traffix SDC) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H50116122 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP AAM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nBIG-IP AFM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nBIG-IP Analytics| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| 13.0.0| Medium| Configuration utility \nBIG-IP APM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP ASM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP DNS| 12.0.0 - 12.1.2| 13.0.0| Medium| Configuration utility \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP Link Controller| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP PEM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP WebSafe| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nARX| 6.2.0 - 6.4.0| None| Medium| Apache Tomcat \nEnterprise Manager| 3.1.1| None| Medium| Configuration utility \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Medium| Apache Tomcat\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP and Enterprise Manager\n\nTo mitigate this vulnerability, you can limit access to the Configuration utility to only use secure networks.\n\n**ARX and Traffix SDC**\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.7}, "published": "2016-12-02T01:46:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2016-6816", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2017-04-05T20:26:00", "id": "F5:K50116122", "href": "https://support.f5.com/csp/article/K50116122", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:45:15", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP and Enterprise Manager\n\nTo mitigate this vulnerability, you can limit access to the Configuration utility to only use secure networks.\n\n**ARX and Traffix SDC**\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.7}, "published": "2016-12-01T00:00:00", "type": "f5", "title": "SOL50116122 - Apache Tomcat vulnerability CVE-2016-6816", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2016-12-01T00:00:00", "id": "SOL50116122", "href": "http://support.f5.com/kb/en-us/solutions/public/k/50/sol50116122.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:45:14", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-14T00:00:00", "type": "f5", "title": "SOL36784855 - Apache Tomcat vulnerability CVE-2016-0762", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762"], "modified": "2016-11-14T00:00:00", "id": "SOL36784855", "href": "http://support.f5.com/kb/en-us/solutions/public/k/36/sol36784855.html", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:LOW/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-21T22:01:00", "description": "\nF5 Product Development has assigned ID 466436 (ARX) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| 6.2.0 - 6.4.0| None| Low| Apache Tomcat \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-15T01:39:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2016-0762", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762"], "modified": "2017-09-21T21:24:00", "id": "F5:K36784855", "href": "https://support.f5.com/csp/article/K36784855", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2023-05-31T16:54:29", "description": "It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. ([CVE-2017-6056](<https://vulners.com/cve/CVE-2017-6056>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-06T20:31:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2017-6056", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2017-6056"], "modified": "2017-09-27T21:54:00", "id": "F5:K37337112", "href": "https://support.f5.com/csp/article/K37337112", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-04-11T01:28:01", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2022-05-13T01:14:53", "type": "osv", "title": "Improper Input Validation in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2023-04-11T01:27:57", "id": "OSV:GHSA-JC7P-5R39-9477", "href": "https://osv.dev/vulnerability/GHSA-jc7p-5r39-9477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:48:51", "description": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T01:02:15", "type": "osv", "title": "Observable Discrepancy in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762"], "modified": "2023-04-11T01:48:42", "id": "OSV:GHSA-WXCP-F2C8-X6XV", "href": "https://osv.dev/vulnerability/GHSA-wxcp-f2c8-x6xv", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-05T05:20:04", "description": "\nA bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\n[CVE-2016-6816](https://security-tracker.debian.org/tracker/CVE-2016-6816).\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n7.0.28-4+deb7u9.\n\n\nWe recommend that you upgrade your tomcat7 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-10T00:00:00", "type": "osv", "title": "tomcat7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2022-08-05T05:20:00", "id": "OSV:DLA-779-1", "href": "https://osv.dev/vulnerability/DLA-779-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:39", "description": "\nMultiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\n\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\n\nThis is probably the last security update of Tomcat 6 which will reach\nits end-of-life exactly in one month. We strongly recommend to switch\nto another supported version such as Tomcat 7 at your earliest\nconvenience.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n6.0.45+dfsg-1~deb7u3.\n\n\nWe recommend that you upgrade your tomcat6 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "osv", "title": "tomcat6 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2022-07-21T05:54:45", "id": "OSV:DLA-728-1", "href": "https://osv.dev/vulnerability/DLA-728-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:41", "description": "\nMultiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\n\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n7.0.28-4+deb7u7.\n\n\nWe recommend that you upgrade your tomcat7 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "osv", "title": "tomcat7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2022-07-21T05:54:45", "id": "OSV:DLA-729-1", "href": "https://osv.dev/vulnerability/DLA-729-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:08:43", "description": "\nMultiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u5.\n\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 8.5.8-2.\n\n\nWe recommend that you upgrade your tomcat8 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-18T00:00:00", "type": "osv", "title": "tomcat8 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2022-08-10T07:08:35", "id": "OSV:DSA-3739-1", "href": "https://osv.dev/vulnerability/DSA-3739-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:06:36", "description": "\nMultiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u6.\n\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\n\nWe recommend that you upgrade your tomcat7 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-18T00:00:00", "type": "osv", "title": "tomcat7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2022-08-10T07:06:33", "id": "OSV:DSA-3738-1", "href": "https://osv.dev/vulnerability/DSA-3738-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:25:18", "description": "\nMultiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u4.\n\n\nWe recommend that you upgrade your tomcat8 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2016-11-21T00:00:00", "type": "osv", "title": "tomcat8 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2022-07-21T05:49:16", "id": "OSV:DSA-3720-1", "href": "https://osv.dev/vulnerability/DSA-3720-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-07-21T08:25:18", "description": "\nMultiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u5.\n\n\nWe recommend that you upgrade your tomcat7 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2016-11-21T00:00:00", "type": "osv", "title": "tomcat7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2022-07-21T05:49:16", "id": "OSV:DSA-3721-1", "href": "https://osv.dev/vulnerability/DSA-3721-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T12:01:55", "description": "Severity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\nApache Tomcat 9.0.0.M1 to 9.0.0.M11\r\nApache Tomcat 8.5.0 to 8.5.6\r\nApache Tomcat 8.0.0.RC1 to 8.0.38\r\nApache Tomcat 7.0.0 to 7.0.72\r\nApache Tomcat 6.0.0 to 6.0.47\r\nEarlier, unsupported versions may also be affected.\r\n\r\nDescription\r\nThe code that parsed the HTTP request line permitted invalid characters.\r\nThis could be exploited, in conjunction with a proxy that also permitted\r\nthe invalid characters but with a different interpretation, to inject\r\ndata into the HTTP response. By manipulating the HTTP response the\r\nattacker could poison a web-cache, perform an XSS attack and/or obtain\r\nsensitive information from requests other then their own.\r\n\r\nMitigation\r\nUsers of affected versions should apply one of the following mitigations\r\n- Upgrade to Apache Tomcat 9.0.0.M13 or later\r\n (Apache Tomcat 9.0.0.M12 has the fix but was not released)\r\n- Upgrade to Apache Tomcat 8.5.8 or later\r\n (Apache Tomcat 8.5.7 has the fix but was not released)\r\n- Upgrade to Apache Tomcat 8.0.39 or later\r\n- Upgrade to Apache Tomcat 7.0.73 or later\r\n- Upgrade to Apache Tomcat 6.0.48 or later\r\n\r\nCredit:\r\nThis issue was discovered by Regis Leroy from Makina Corpus.", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "seebug", "title": "Apache Tomcat information disclosure Vulnerability, CVE-2016-6816\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2017-02-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92678", "id": "SSV:92678", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache Tomcat 6789 - Information Disclosure", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.7}, "published": "2017-04-04T00:00:00", "type": "exploitpack", "title": "Apache Tomcat 6789 - Information Disclosure", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2017-04-04T00:00:00", "id": "EXPLOITPACK:1FA29992905DF6DC8A86680F66930B75", "href": "", "sourceData": "# Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability\n# Date: 4th March 2017\n# Exploit Author: justpentest\n# Vendor Homepage: tomcat.apache.org\n# Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6,\n8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47\n# Contact: transform2secure@gmail.com\n\n\nSource: https://www.securityfocus.com/bid/94461/info\n\n1) Description:\nApache Tomcat is prone to a security-bypass vulnerability.\nAn attacker can exploit this issue to bypass certain security restrictions\nand perform unauthorized actions. This may lead to further attacks.\nApache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1\nthrough 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 are\nvulnerable.\nThis could be exploited, in conjunction with a proxy that also permitted\nthe invalid characters but with a different interpretation, to inject data\ninto the HTTP response. By manipulating the HTTP response the attacker\ncould poison a web-cache, perform an XSS attack and/or obtain sensitive\ninformation from requests other then their own.\n\nhttps://www.securityfocus.com/bid/94461/discuss\n2) Exploit:\n\nGET /?{{%25}}cake\\=1 HTTP/1.1\nHost: justpentest.com\nAccept: */*\nAccept-Language: en\nUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64;\nTrident/5.0)\nConnection: close\nCookie:\nNSC_MSN-IBNQ-VX-mcwtfswfs=ffffffff091c1daaaa525d5f4f58455e445a4a488888\n\n OR\n\nGET\n/?a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c=1\nHTTP/1.1\n\nResponse will be Apache tomcat front page something like\nhttps://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg\n\n3) Refrences:\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6816\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816\n\n4) Solution:\nAs usual update ;)", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2017-04-10T01:24:11", "description": "", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "packetstorm", "title": "Apache Tomcat 6 / 7 / 8 / 9 Information Disclosure", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2017-04-04T00:00:00", "id": "PACKETSTORM:141920", "href": "https://packetstormsecurity.com/files/141920/Apache-Tomcat-6-7-8-9-Information-Disclosure.html", "sourceData": "`# Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability \n# Date: 4th March 2017 \n# Exploit Author: justpentest \n# Vendor Homepage: tomcat.apache.org \n# Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, \n8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 \n# Contact: transform2secure@gmail.com \n \n \nSource: http://www.securityfocus.com/bid/94461/info \n \n1) Description: \nApache Tomcat is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions \nand perform unauthorized actions. This may lead to further attacks. \nApache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 \nthrough 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 are \nvulnerable. \nThis could be exploited, in conjunction with a proxy that also permitted \nthe invalid characters but with a different interpretation, to inject data \ninto the HTTP response. By manipulating the HTTP response the attacker \ncould poison a web-cache, perform an XSS attack and/or obtain sensitive \ninformation from requests other then their own. \n \nhttp://www.securityfocus.com/bid/94461/discuss \n2) Exploit: \n \nGET /?{{%25}}cake\\=1 HTTP/1.1 \nHost: justpentest.com \nAccept: */* \nAccept-Language: en \nUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; \nTrident/5.0) \nConnection: close \nCookie: \nNSC_MSN-IBNQ-VX-mcwtfswfs=ffffffff091c1daaaa525d5f4f58455e445a4a488888 \n \nOR \n \nGET \n/?a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c=1 \nHTTP/1.1 \n \nResponse will be Apache tomcat front page something like \nhttps://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg \n \n3) Refrences: \nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6816 \nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816 \n \n4) Solution: \nAs usual update ;) \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/141920/apachetomcat6789-disclose.txt"}], "zdt": [{"lastseen": "2018-01-05T17:11:45", "description": "Exploit for multiple platform in category remote exploits", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "zdt", "title": "Apache Tomcat 6/7/8/9 - Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2017-04-03T00:00:00", "id": "1337DAY-ID-27485", "href": "https://0day.today/exploit/description/27485", "sourceData": "# Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability\r\n# Date: 4th March 2017\r\n# Exploit Author: justpentest\r\n# Vendor Homepage: tomcat.apache.org\r\n# Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6,\r\n8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47\r\n \r\n \r\nSource: http://www.securityfocus.com/bid/94461/info\r\n \r\n1) Description:\r\nApache Tomcat is prone to a security-bypass vulnerability.\r\nAn attacker can exploit this issue to bypass certain security restrictions\r\nand perform unauthorized actions. This may lead to further attacks.\r\nApache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1\r\nthrough 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 are\r\nvulnerable.\r\nThis could be exploited, in conjunction with a proxy that also permitted\r\nthe invalid characters but with a different interpretation, to inject data\r\ninto the HTTP response. By manipulating the HTTP response the attacker\r\ncould poison a web-cache, perform an XSS attack and/or obtain sensitive\r\ninformation from requests other then their own.\r\n \r\nhttp://www.securityfocus.com/bid/94461/discuss\r\n2) Exploit:\r\n \r\nGET /?{{%25}}cake\\=1 HTTP/1.1\r\nHost: justpentest.com\r\nAccept: */*\r\nAccept-Language: en\r\nUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64;\r\nTrident/5.0)\r\nConnection: close\r\nCookie:\r\nNSC_MSN-IBNQ-VX-mcwtfswfs=ffffffff091c1daaaa525d5f4f58455e445a4a488888\r\n \r\n OR\r\n \r\nGET\r\n/?a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c=1\r\nHTTP/1.1\r\n \r\nResponse will be Apache tomcat front page something like\r\nhttps://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg\r\n \r\n3) Refrences:\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6816\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816\r\n \r\n4) Solution:\r\nAs usual update ;)\n\n# 0day.today [2018-01-05] #", "sourceHref": "https://0day.today/exploit/27485", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "github": [{"lastseen": "2023-05-31T14:46:39", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2022-05-13T01:14:53", "type": "github", "title": "Improper Input Validation in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2023-01-27T05:02:19", "id": "GHSA-JC7P-5R39-9477", "href": "https://github.com/advisories/GHSA-jc7p-5r39-9477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-31T14:46:41", "description": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-13T01:02:15", "type": "github", "title": "Observable Discrepancy in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762"], "modified": "2023-01-27T05:02:11", "id": "GHSA-WXCP-F2C8-X6XV", "href": "https://github.com/advisories/GHSA-wxcp-f2c8-x6xv", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "veracode": [{"lastseen": "2023-04-18T13:33:26", "description": "Apache Tomcat is vulnerable to cross-site scripting (XSS) attacks and information disclosure. It permits invalid characters when parsing the HTTP request line. Attackers can exploit it, in conjunction with a proxy that also permits the invalid characters but with a different interpretation, to inject data into an HTTP response. Thus, it is possible for attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2019-01-15T09:15:22", "type": "veracode", "title": "Cross-site Scripting (XSS) Or Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2021-03-15T10:39:27", "id": "VERACODE:12289", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-12289/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T14:10:16", "description": "tomcat-catalina is vulnerable to timing attacks. When the supplied username does not exist, the Realm implementation will not process the supplied password, making a timing attack possible to determine valid usernames. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-15T09:16:05", "type": "veracode", "title": "Timing Attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762"], "modified": "2022-04-18T18:43:39", "id": "VERACODE:12348", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-12348/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-18T16:26:03", "description": "tomcat-coyote is vulnerable to denial of service (DoS) attacks. The vulnerability is a result of backporting a fix for CVE-2016-6816 but not backporting the fix for the Tomcat bug 57544 which fails to handle an exceptional condition check for `pos` while processing HTTPS requests in the Apache Tomcat servlet and JSP engine.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-22T02:23:40", "type": "veracode", "title": "Denial Of Service (DoS) Via Infinite Loop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2017-6056"], "modified": "2019-10-03T07:17:30", "id": "VERACODE:3596", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-3596/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-05-31T14:28:09", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2017-03-20T18:59:00", "type": "cve", "title": "CVE-2016-6816", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2020-10-05T22:15:00", "cpe": ["cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:8.0.35", "cpe:/a:apache:tomcat:8.0.12", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:8.0.0", "cpe:/a:apache:tomcat:7.0.36", "cpe:/a:apache:tomcat:8.0.36", "cpe:/a:apache:tomcat:8.0.31", "cpe:/a:apache:tomcat:8.0.3", "cpe:/a:apache:tomcat:8.0.11", "cpe:/a:apache:tomcat:7.0.39", "cpe:/a:apache:tomcat:8.0.6", "cpe:/a:apache:tomcat:6.0.34", "cpe:/a:apache:tomcat:6.0.25", "cpe:/a:apache:tomcat:7.0.66", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.67", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:8.5.5", "cpe:/a:apache:tomcat:7.0.26", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:8.0.8", "cpe:/a:apache:tomcat:7.0.48", "cpe:/a:apache:tomcat:7.0.71", "cpe:/a:apache:tomcat:7.0.46", "cpe:/a:apache:tomcat:8.0.14", "cpe:/a:apache:tomcat:7.0.59", "cpe:/a:apache:tomcat:8.0.4", "cpe:/a:apache:tomcat:8.0.28", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:8.5.4", "cpe:/a:apache:tomcat:6.0.37", "cpe:/a:apache:tomcat:8.0.21", "cpe:/a:apache:tomcat:7.0.27", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.63", "cpe:/a:apache:tomcat:8.0.32", "cpe:/a:apache:tomcat:7.0.58", "cpe:/a:apache:tomcat:7.0.62", "cpe:/a:apache:tomcat:6.0.43", "cpe:/a:apache:tomcat:7.0.40", "cpe:/a:apache:tomcat:8.0.19", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.45", "cpe:/a:apache:tomcat:8.0.22", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:6.0.41", "cpe:/a:apache:tomcat:7.0.60", "cpe:/a:apache:tomcat:6.0.47", "cpe:/a:apache:tomcat:7.0.61", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.44", "cpe:/a:apache:tomcat:7.0.52", "cpe:/a:apache:tomcat:9.0.0", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:7.0.68", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.35", "cpe:/a:apache:tomcat:8.0.33", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.29", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:8.0.15", "cpe:/a:apache:tomcat:8.0.5", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:8.5.2", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.33", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:8.0.9", "cpe:/a:apache:tomcat:7.0.34", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.31", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:8.0.37", "cpe:/a:apache:tomcat:7.0.55", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0.42", "cpe:/a:apache:tomcat:7.0.24", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.23", "cpe:/a:apache:tomcat:6.0.46", "cpe:/a:apache:tomcat:7.0.51", "cpe:/a:apache:tomcat:8.0.1", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:7.0.38", "cpe:/a:apache:tomcat:6.0.38", "cpe:/a:apache:tomcat:7.0.64", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.42", "cpe:/a:apache:tomcat:6.0.39", "cpe:/a:apache:tomcat:8.0.23", "cpe:/a:apache:tomcat:7.0.43", "cpe:/a:apache:tomcat:8.0.7", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:7.0.44", "cpe:/a:apache:tomcat:6.0.40", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:7.0.57", "cpe:/a:apache:tomcat:7.0.56", "cpe:/a:apache:tomcat:6.0.21", "cpe:/a:apache:tomcat:8.5.1", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:8.0.17", "cpe:/a:apache:tomcat:7.0.50", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.49", "cpe:/a:apache:tomcat:7.0.47", "cpe:/a:apache:tomcat:7.0.53", "cpe:/a:apache:tomcat:8.5.3", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.41", "cpe:/a:apache:tomcat:6.0.45", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:8.0.38", "cpe:/a:apache:tomcat:8.0.13", "cpe:/a:apache:tomcat:7.0.54", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:8.0.27", "cpe:/a:apache:tomcat:8.0.20", "cpe:/a:apache:tomcat:8.0.26", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:8.0.16", "cpe:/a:apache:tomcat:8.0.29", "cpe:/a:apache:tomcat:8.5.0", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:8.0.2", "cpe:/a:apache:tomcat:8.0.30", "cpe:/a:apache:tomcat:7.0.65", "cpe:/a:apache:tomcat:8.0.10", "cpe:/a:apache:tomcat:8.0.34", "cpe:/a:apache:tomcat:7.0.37", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:8.5.6", "cpe:/a:apache:tomcat:7.0.69", "cpe:/a:apache:tomcat:7.0.72", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:8.0.24", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:8.0.25", "cpe:/a:apache:tomcat:7.0.70", "cpe:/a:apache:tomcat:8.0.18", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:7.0.12"], "id": "CVE-2016-6816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6816", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-31T14:06:18", "description": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-10T16:29:00", "type": "cve", "title": "CVE-2016-0762", "cwe": ["CWE-203"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762"], "modified": "2022-04-18T17:57:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_eus:7.4", "cpe:/a:netapp:snap_creator_framework:-", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/a:apache:tomcat:6.0.45", "cpe:/a:apache:tomcat:8.0.36", "cpe:/o:redhat:enterprise_linux_eus:7.7", "cpe:/a:apache:tomcat:9.0.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:redhat:jboss_enterprise_web_server:3.0.0", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:oncommand_shift:-", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/a:apache:tomcat:8.5.4", "cpe:/a:oracle:tekelec_platform_distribution:7.7.1", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_eus:7.5", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:apache:tomcat:7.0.70", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:communications_diameter_signaling_router:8.5.0", "cpe:/o:redhat:enterprise_linux_eus:7.6"], "id": "CVE-2016-0762", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0762", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tekelec_platform_distribution:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*"]}, {"lastseen": "2023-05-31T15:09:21", "description": "It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-17T07:59:00", "type": "cve", "title": "CVE-2017-6056", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2017-6056"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2017-6056", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6056", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "redhatcve": [{"lastseen": "2022-04-06T15:20:09", "description": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2021-07-11T07:51:46", "type": "redhatcve", "title": "CVE-2016-6816", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2022-04-02T09:31:39", "id": "RH:CVE-2016-6816", "href": "https://access.redhat.com/security/cve/cve-2016-6816", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:09:08", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n(CVE-2016-6816)", "cvss3": {}, "published": "2017-02-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache Tomcat vulnerability (K50116122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL50116122.NASL", "href": "https://www.tenable.com/plugins/nessus/97423", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K50116122.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97423);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2016-6816\");\n\n script_name(english:\"F5 Networks BIG-IP : Apache Tomcat vulnerability (K50116122)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6,\n8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed\nthe HTTP request line permitted invalid characters. This could be\nexploited, in conjunction with a proxy that also permitted the invalid\ncharacters but with a different interpretation, to inject data into\nthe HTTP response. By manipulating the HTTP response the attacker\ncould poison a web-cache, perform an XSS attack and/or obtain\nsensitive information from requests other then their own.\n(CVE-2016-6816)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K50116122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/rfc7230#section-9.5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K50116122.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K50116122\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:53", "description": "A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running Tomcat 7 with SecurityManager enabled due to an incomplete fix for CVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-11T00:00:00", "type": "nessus", "title": "Debian DLA-779-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-779.NASL", "href": "https://www.tenable.com/plugins/nessus/96396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-779-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96396);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n\n script_name(english:\"Debian DLA-779-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\nCVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:35", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps"], "id": "EULEROS_SA-2017-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/99947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99947);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could\n be exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?486df412\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11\",\n \"tomcat-admin-webapps-7.0.69-11\",\n \"tomcat-el-2.2-api-7.0.69-11\",\n \"tomcat-jsp-2.2-api-7.0.69-11\",\n \"tomcat-lib-7.0.69-11\",\n \"tomcat-servlet-3.0-api-7.0.69-11\",\n \"tomcat-webapps-7.0.69-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:53", "description": "From Red Hat Security Advisory 2017:0527 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2017-0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0527 and \n# Oracle Linux Security Advisory ELSA-2017-0527 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97765);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2017-0527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0527 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006786.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:45", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-778)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-778.NASL", "href": "https://www.tenable.com/plugins/nessus/95898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-778.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95898);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-778\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-778)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-778.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat8' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.39-1.67.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:39", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2017:0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0935 and \n# CentOS Errata and Security Advisory 2017:0935 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99384);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2017:0935)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-April/022384.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f9e6646\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:22", "description": "The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816", "cvss3": {}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/96364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96364);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214599\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n # https://vuxml.freebsd.org/freebsd/0b9af110-d529-11e6-ae1b-002590263bf5.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f94679a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.73\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:00", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2016-776)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-776.NASL", "href": "https://www.tenable.com/plugins/nessus/95896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-776.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95896);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-776\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2016-776)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-776.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat6' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.48-1.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:45", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2016-777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-777.NASL", "href": "https://www.tenable.com/plugins/nessus/95897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-777.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95897);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2016-777)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-777.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat7' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.73-1.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:08", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-el-2.2-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsp-2.2-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsvc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-servlet-3.0-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-webapps", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/101450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101450);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0935.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf47d5ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11.vl7\",\n \"tomcat-admin-webapps-7.0.69-11.vl7\",\n \"tomcat-docs-webapp-7.0.69-11.vl7\",\n \"tomcat-el-2.2-api-7.0.69-11.vl7\",\n \"tomcat-javadoc-7.0.69-11.vl7\",\n \"tomcat-jsp-2.2-api-7.0.69-11.vl7\",\n \"tomcat-jsvc-7.0.69-11.vl7\",\n \"tomcat-lib-7.0.69-11.vl7\",\n \"tomcat-servlet-3.0-api-7.0.69-11.vl7\",\n \"tomcat-webapps-7.0.69-11.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:12", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat6", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/101438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101438);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0527.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f9920be2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0527\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat6 / tomcat6-admin-webapps / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat6-6.0.24-105.vl6\",\n \"tomcat6-admin-webapps-6.0.24-105.vl6\",\n \"tomcat6-docs-webapp-6.0.24-105.vl6\",\n \"tomcat6-el-2.1-api-6.0.24-105.vl6\",\n \"tomcat6-javadoc-6.0.24-105.vl6\",\n \"tomcat6-jsp-2.1-api-6.0.24-105.vl6\",\n \"tomcat6-lib-6.0.24-105.vl6\",\n \"tomcat6-servlet-2.5-api-6.0.24-105.vl6\",\n \"tomcat6-webapps-6.0.24-105.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:19", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1082.NASL", "href": "https://www.tenable.com/plugins/nessus/99948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99948);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could\n be exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1082\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f998546\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11\",\n \"tomcat-admin-webapps-7.0.69-11\",\n \"tomcat-el-2.2-api-7.0.69-11\",\n \"tomcat-jsp-2.2-api-7.0.69-11\",\n \"tomcat-lib-7.0.69-11\",\n \"tomcat-servlet-3.0-api-7.0.69-11\",\n \"tomcat-webapps-7.0.69-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:37", "description": "From Red Hat Security Advisory 2017:0935 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2017-0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0935 and \n# Oracle Linux Security Advisory ELSA-2017-0935 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99334);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2017-0935)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0935 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-April/006831.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:59", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2017:0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0935. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99348);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2017:0935)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0935\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:00", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2017:0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0527. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97767);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2017:0527)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0527\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:42", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-20T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2017:0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0527 and \n# CentOS Errata and Security Advisory 2017:0527 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97795);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2017:0527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022342.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c36d97ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:15:37", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-05-10T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700668.PASL", "href": "https://www.tenable.com/plugins/nnm/700668", "sourceData": "Binary data 700668.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:05", "description": "It was discovered that the code that parsed the HTTP request line permitted\n\ninvalid characters. This could be exploited, in conjunction with a proxy that\n\nalso permitted the invalid characters but with a different interpretation, to\n\ninject data into the HTTP response. By manipulating the HTTP response the\n\nattacker could poison a web-cache, perform an XSS attack, or obtain sensitive\n\ninformation from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when\n\nrequest contains characters that are not permitted by the HTTP specification to\n\nappear not encoded, even though they were previously accepted. The newly\n\nintroduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow\n\ncan be used to configure Tomcat to accept curly braces ({ and }) and the pipe\n\nsymbol (|) in not encoded form, as these are often used in URLs without being\n\nproperly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO\n\nHTTP connector. This led to the current Processor object being added to the\n\nProcessor cache multiple times allowing information leakage between requests\n\nincluding, and not limited to, session ID and the response body.\n(CVE-2016-8745)", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2017-810)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-810.NASL", "href": "https://www.tenable.com/plugins/nessus/99037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-810.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99037);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"ALAS\", value:\"2017-810\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2017-810)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the code that parsed the HTTP request line\npermitted\n\ninvalid characters. This could be exploited, in conjunction with a\nproxy that\n\nalso permitted the invalid characters but with a different\ninterpretation, to\n\ninject data into the HTTP response. By manipulating the HTTP response\nthe\n\nattacker could poison a web-cache, perform an XSS attack, or obtain\nsensitive\n\ninformation from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when\n\nrequest contains characters that are not permitted by the HTTP\nspecification to\n\nappear not encoded, even though they were previously accepted. The\nnewly\n\nintroduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow\n\ncan be used to configure Tomcat to accept curly braces ({ and }) and\nthe pipe\n\nsymbol (|) in not encoded form, as these are often used in URLs\nwithout being\n\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO\n\nHTTP connector. This led to the current Processor object being added\nto the\n\nProcessor cache multiple times allowing information leakage between\nrequests\n\nincluding, and not limited to, session ID and the response body.\n(CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-810.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.51-1.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:37", "description": "Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170412_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99353);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=8502\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0863e9c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:53", "description": "Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97770);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=8501\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc04edf8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:38:49", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer scripts to prevent possible privilege escalations. Thanks to Paul Szabo for the report.\n\nThis is probably the last security update of Tomcat 6 which will reach its end-of-life exactly in one month. We strongly recommend to switch to another supported version such as Tomcat 7 at your earliest convenience.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 6.0.45+dfsg-1~deb7u3.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-728-1 : tomcat6 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet2.4-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat6-java", "p-cpe:/a:debian:debian_linux:tomcat6", "p-cpe:/a:debian:debian_linux:tomcat6-admin", "p-cpe:/a:debian:debian_linux:tomcat6-common", "p-cpe:/a:debian:debian_linux:tomcat6-docs", "p-cpe:/a:debian:debian_linux:tomcat6-examples", "p-cpe:/a:debian:debian_linux:tomcat6-extras", "p-cpe:/a:debian:debian_linux:tomcat6-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-728.NASL", "href": "https://www.tenable.com/plugins/nessus/95454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-728-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95454);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"Debian DLA-728-1 : tomcat6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\nThis is probably the last security update of Tomcat 6 which will reach\nits end-of-life exactly in one month. We strongly recommend to switch\nto another supported version such as Tomcat 7 at your earliest\nconvenience.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n6.0.45+dfsg-1~deb7u3.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.4-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:31:12", "description": "This update for Tomcat provides the following fixes :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)\n\nBugs fixed :\n\n - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter(). (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\nThis update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-1455)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-dbcp", "p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc", "p-cpe:/a:novell:opensuse:apache-commons-pool2", "p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/95790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1455.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95790);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-1455)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for Tomcat provides the following fixes :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources\n (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due\n to permitting invalid character in HTTP requests\n (bsc#1011812)\n\nBugs fixed :\n\n - Fixed StringIndexOutOfBoundsException in\n WebAppClassLoaderBase.filter(). (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by\n changing the context.xml format to the new one\n introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4)\n Using the 'setenv' script' in\n http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\nThis update supplies the new packages apache-commons-pool2 and\napache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\ninterface.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://features.opensuse.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-dbcp-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-dbcp-javadoc-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-pool2-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-pool2-javadoc-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-admin-webapps-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-docs-webapp-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-el-3_0-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-embed-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-javadoc-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsp-2_3-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsvc-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-lib-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-servlet-3_1-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-webapps-8.0.32-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-dbcp / apache-commons-dbcp-javadoc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:13", "description": "This update for tomcat fixes the following issues :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)\n\nBug fixes :\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\nThis update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-1456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-dbcp", "p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc", "p-cpe:/a:novell:opensuse:apache-commons-pool2", "p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1456.NASL", "href": "https://www.tenable.com/plugins/nessus/95791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1456.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95791);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-1456)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for tomcat fixes the following issues :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources\n (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due\n to permitting invalid character in HTTP requests\n (bsc#1011812)\n\nBug fixes :\n\n - Enabled optional setenv.sh script. See section '(3.4)\n Using the 'setenv' script' in\n http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\nThis update supplies the new packages apache-commons-pool2 and\napache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\ninterface.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://features.opensuse.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-dbcp-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-dbcp-javadoc-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-pool2-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-pool2-javadoc-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-admin-webapps-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-docs-webapp-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-el-3_0-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-embed-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-javadoc-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsp-2_3-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsvc-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-lib-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-servlet-3_1-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-webapps-8.0.36-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-dbcp / apache-commons-dbcp-javadoc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:49", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer scripts to prevent possible privilege escalations. Thanks to Paul Szabo for the report.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u7.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-729-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-729.NASL", "href": "https://www.tenable.com/plugins/nessus/95455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-729-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95455);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Debian DLA-729-1 : tomcat7 security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u7.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/tomcat7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:34", "description": "The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4557-1 advisory.\n\n - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n - When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\n - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java"], "id": "UBUNTU_USN-4557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4557-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141092);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_bugtraq_id(\n 93939,\n 93940,\n 93942,\n 93943,\n 93944,\n 94461,\n 94463\n );\n script_xref(name:\"USN\", value:\"4557-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-4557-1 advisory.\n\n - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user\n name did not exist. This made a timing attack possible to determine valid user names. Note that the\n default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to\n 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility\n method that was accessible to web applications. (CVE-2016-5018)\n\n - When a SecurityManager is configured, a web application's ability to read system properties should be\n controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files\n could be used by a malicious web application to bypass the SecurityManager and read system properties that\n should not be visible. (CVE-2016-6794)\n\n - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via\n manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources\n to those resources explicitly linked to the web application. Therefore, it was possible for a web\n application to access any global JNDI resource whether an explicit ResourceLink had been configured or\n not. (CVE-2016-6797)\n\n - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and\n 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited,\n in conjunction with a proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker\n could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other\n then their own. (CVE-2016-6816)\n\n - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39,\n 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can\n reach JMX ports. The issue exists because this listener wasn't updated for consistency with the\n CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4557-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libservlet2.5-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libservlet2.5-java', 'pkgver': '6.0.45+dfsg-1ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libservlet2.5-java');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:46", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2016-a98c560116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A98C560116.NASL", "href": "https://www.tenable.com/plugins/nessus/95904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a98c560116.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95904);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2016-a98c560116)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.39-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:20", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2016-98cca07999)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-98CCA07999.NASL", "href": "https://www.tenable.com/plugins/nessus/95829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-98cca07999.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95829);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2016-98cca07999)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-98cca07999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.39-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:09", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.8 or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n- A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\nNote that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.8 / 9.0.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9906.PASL", "href": "https://www.tenable.com/plugins/nnm/9906", "sourceData": "Binary data 9906.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:14", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 23 : 1:tomcat (2016-9c33466fbb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-9C33466FBB.NASL", "href": "https://www.tenable.com/plugins/nessus/95830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9c33466fbb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95830);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Fedora 23 : 1:tomcat (2016-9c33466fbb)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"tomcat-8.0.39-1.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:58", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_8.NASL", "href": "https://www.tenable.com/plugins/nessus/95438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95438);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_bugtraq_id(94097, 94461, 94463);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.x prior to 6.0.48, 7.0.x\nprior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or\n9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple \nvulnerabilities :\n\n - A flaw exists that is triggered when handling request\n lines containing certain invalid characters. An \n unauthenticated, remote attacker can exploit this, by\n injecting additional headers into responses, to conduct\n HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2\n parser due to an infinite loop caused by improper\n parsing of overly large headers. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x\n versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX\n listener in JmxRemoteLifecycleListener.java due to\n improper deserialization of Java objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e8a81e1\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c7e7b23\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?833cb56a\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87d6ed56\");\n # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f7bb039\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.48 / 7.0.73 / 8.0.39 / 8.5.8 / 9.0.0.M13 or\nlater.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed:make_list(\"6.0.48\", \"7.0.73\", \"8.0.39\", \"8.5.8\", \"9.0.0.M13\"), severity:SECURITY_HOLE, granularity_regex:\"^(6(\\.0)?|7(\\.0)?|8(\\.(0|5))?|9(\\.0)?)$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:04", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and Brian Stansberry (Red Hat).", "cvss3": {}, "published": "2018-09-04T00:00:00", "type": "nessus", "title": "RHEL 7 : JBoss EAP (RHSA-2017:0245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:infinispan", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:infinispan-core", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-0245.NASL", "href": "https://www.tenable.com/plugins/nessus/112252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0245. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112252);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-7061\", \"CVE-2016-8627\", \"CVE-2016-8656\");\n script_xref(name:\"RHSA\", value:\"2017:0245\");\n\n script_name(english:\"RHEL 7 : JBoss EAP (RHSA-2017:0245)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.12, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file\nhandling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from\nrequests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be\navailable via GET requests making them vulnerable to cross-origin\nattacks. An attacker could trigger the user's browser to request the\nlog files consuming enough resources that normal server functioning\ncould be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information\nas sensitive, users with a Monitor role are able to view the sensitive\ninformation. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat)\nand Brian Stansberry (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8656\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0245\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"apache-cxf-2.7.18-5.SP4_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hornetq-2.3.25-18.SP16_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-cachestore-jdbc-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-cachestore-remote-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-client-hotrod-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-core-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-appclient-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-cli-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-client-all-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-clustering-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-cmp-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-connector-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-console-2.5.15-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-controller-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-controller-client-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-core-security-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-deployment-repository-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-deployment-scanner-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-domain-http-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-domain-management-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ee-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ee-deployment-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ejb3-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-embedded-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-host-controller-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jacorb-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jaxr-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jaxrs-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jdr-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jmx-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jpa-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jsf-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jsr77-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-logging-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-mail-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-management-client-content-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-messaging-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-modcluster-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-naming-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-network-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-service-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-picketlink-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-platform-mbean-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-pojo-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-process-controller-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-protocol-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-remoting-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-sar-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-security-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-server-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-system-jmx-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-threads-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-transactions-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-version-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-web-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-webservices-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-weld-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-xts-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-ejb-client-1.0.38-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-hal-2.5.15-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-appclient-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-bundles-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-core-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-domain-7.5.13-5.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-javadocs-7.5.13-3.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-modules-eap-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-product-eap-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-standalone-7.5.13-5.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-welcome-content-eap-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossweb-7.5.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"resteasy-2.3.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf / hornetq / infinispan / infinispan-cachestore-jdbc / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:20", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).", "cvss3": {}, "published": "2017-02-06T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2017:0244)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:infinispan", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:infinispan-core", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0244.NASL", "href": "https://www.tenable.com/plugins/nessus/97009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0244. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97009);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-7061\", \"CVE-2016-8627\", \"CVE-2016-8656\");\n script_xref(name:\"RHSA\", value:\"2017:0244\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2017:0244)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.12, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file\nhandling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from\nrequests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be\navailable via GET requests making them vulnerable to cross-origin\nattacks. An attacker could trigger the user's browser to request the\nlog files consuming enough resources that normal server functioning\ncould be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information\nas sensitive, users with a Monitor role are able to view the sensitive\ninformation. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian\nStansberry (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8656\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\&

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)

Description

Affected Software

Related